cyberSecurity Optimization and Training for Enhanced Resilience in finance

Periodic Reporting for period 1 - SOTER (cyberSecurity Optimization and Training for Enhanced Resilience in finance)

Reporting period: 2019-07-01 to 2020-08-31

We are living in an era of digitalization in which digital applications are increasing across all business sectors. Unfortunately, cyber-attacks are increasing alarmingly. They are considered critical sectors in terms of cybersecurity according to the NIS Directive. Therefore, robust measures against cyber-attacks must exist, as the human factor is behind many of them. The critical sectors must have complex and robust infrastructures to fight against cyber-attacks. However, social awareness and specific training for employees are also necessary, as employees can unknowingly create a vulnerability that a cyber-attack then exploits. Throughout this project, we will develop cyber security solutions, applying innovative solutions to offer an impenetrable infrastructure that will be focused on the finance sector but can be extended and adapted to other business sectors: insurance, retail, utilities… In addition, we will complement the technological part with a specific methodology for training finance sector employees and raising their awareness of the importance of their daily work against cyber-attacks. The new key players in the finance sector will also be part of the training activities, in order to cover, besides traditional banking employees, the new threats in terms of human behavior introduced by these new players, such as TPPs' employees. Insofar as they will interact with banks' systems (in the framework of the PSD2 implementation), new potential cyber security breaches can be identified.

SOTER will create a comprehensive set of tools that will act as a transformative process of the finance sector, helping their players to increase the cybersecurity level of this critical sector, as one of the key threats to deal with nowadays. SOTER will address this issue under a holistic approach, tackling different aspects linked to it, both the technological perspective and the human factor.
One of the main objectives of the project is the design and development of an innovative and flexible onboarding process in which the most advanced cybersecurity measures in the market are applied, in line with current international standards and local and regional regulations, and taking into account future trends in these areas in the financial sector. To this end, this period has seen the conceptualisation, design and development of a cloud-native architecture which will allow the onboarding process to be used as an innovation platform, adaptable to both current and future regulations, easily scalable and highly configurable. Furthermore, the main integrations with the products of the consortium partners have been defined and developed. Thanks to this, we have been able to work on building an innovative onboarding process, adapted to European regulations and aligned with the current and future market.

In addition, desk research on cybersecurity competences has been carried out to determine the current best practices, the legal context and cybersecurity considerations. This will provide a starting point and orientation for cybersecurity training. It specifically focuses on the human factor in cybersecurity. SOTER has also explored how companies can increase their cyber resilience and promote the long-term development of a cybersecurity culture.
SOTER is taking a holistic research approach by combining two complementary strands of enquiry to tackle the increasingly complex nature of cybersecurity resilience. The first strand of research focuses on developing a state-of-the-art biometric-based identity and authentication digital onboarding platform for the financial services sector. This tool seeks to increase security, usability, and integrity within the sector by easing the onboarding of customers into the digital marketplace. It combines a suite of novel technologies such as NFC chip reading technologies, Proof-of-Life facial recognition, voice signature template technologies, privacy-respecting consent and permissions management, and know-your-device technologies. Crucially, the product also provides the data subject with a secure and robust method for obtaining digital identity credentials, which they can store in their own blockchain-based credential wallet. These credentials can be used across a number of services within the Digital Single Market (DSM), whilst ensuring levels of data protection and privacy, as custody of them remains with the owner, according to the Self-Sovereign Identity (SSI) principles. The platform is also being built according to Privacy-by-Design, Security-by-Design, and Data-Protection-by-Design-and-Default methodologies, and will attempt to ensure transparency and accountability across the full design and development lifecycle. It will provide a series of public reports and deliverables that communicate to the public how it has adhered to the applicable regulatory frameworks (GDPR, eIDAS, 5AMLD, PSD2, etc.), as well as outlining to the general public how privacy and data protection principles are maintained, according to European Commission guidelines, and promoting European values.

To complement the technological development, SOTER is engaging with the finance sector to research human factor-based cybersecurity, through social science and humanities based research. SOTER seeks to further the existing body of knowledge by combining three complementary strands of research – the first is a combination of desk-based research and an evidence-led qualitative enquiry with both a dedicated end-user and sectoral partners from the fintech community, to see if existing theory and practice are congruent. This strand of the SOTER project will investigate specific aspects of human factor-based cybersecurity, namely incidents, threats and vulnerabilities related to: 1) error, malpractice, and misjudgement, 2) malevolent actors, and 3) legal and ethical threats. The second strand of research will develop a suite of training materials to be released under open licences, with the goal of increasing cybersecurity resilience across the sector. The developed training materials are based on a comprehensive Cybersecurity Competence Catalogue informed by the industry, which clearly outlines which cybersecurity, information security, and information technology related competences are required by employees of financial services organisations to be cyber-resilient. The overarching goal of the social sciences based SOTER research is to ensure that the finance sector is further protected from increasingly complex threats with regard to the human factor in an ethical and trustworthy manner, taking into account not only organisational integrity, but also the individual integrity of all employees involved.