CORDIS - EU research results

cyberSecurity Optimization and Training for Enhanced Resilience in finance

Periodic Reporting for period 2 - SOTER (cyberSecurity Optimization and Training for Enhanced Resilience in finance)

Reporting period: 2020-09-01 to 2022-02-28

We are living in the era of digitalization, in which the use of digital applications is increasing across all business sectors. Unfortunately, cyber-attacks are increasing alarmingly as well, and some sectors are critical in terms of cybersecurity, according to the NIS directive. The critical sectors in particular must have complex and robust infrastructures to fight cyber-attacks, including robust measures to deal with the human factor behind them. Social awareness and specific training for employees are necessary, as employees can unwittingly be the cause of a cyber-attack. In this project, we have developed cybersecurity solutions that apply innovative tools to offer impenetrable infrastructures to the finance sector and that could also be adapted to other business sectors. In addition, we have complemented the technological solution with a specific methodology for training finance sector employees and raising their awareness of the importance of their daily work against cyber-attacks. The new key players in the finance sector landscape were also included in our training activities, in order to cover the human-behaviour-related threats posed by these new players.

SOTER has created a comprehensive set of tools that will help transform the finance sector, helping its players to increase the cybersecurity level of this critical sector and address one of the key threats it has to deal with nowadays. SOTER has addressed this issue with a holistic approach, tackling its different aspects from both the technological perspective and the human-factor perspective. In particular, SOTER’s main results are, on the one hand, a cyber-secure, complete and robust Digital Onboarding Platform (DOP) that provides a sovereign digital identity through the use of blockchain technology and facilitates the interconnection between different services, providers and users, and, on the other, cybersecurity training and assessment based on human factor considerations, focused on providing useful tools and actions to help key players in the finance sector improve their skills and awareness regarding cybersecurity issues.
One of the main objectives has been the design and development of an innovative and flexible onboarding process to which the most advanced cybersecurity measures on the market are applied, in line with current international standards and local and regional regulations, and taking into account future trends in these areas in the financial sector. To this end, the project has completed the conceptualization, design and development of a cloud-native architecture which allows the onboarding process to be used as an innovation platform that is adaptable to both current and future regulations, easily scalable and highly configurable. Furthermore, the main integrations with the products of the consortium partners have been defined and developed. Thanks to this, we have been able to build an innovative onboarding process, adapted to European regulations and aligned with the current and future market. In addition, a deep analysis of the identification services market has been carried out in order to set an appropriate exploitation strategy for commercializing the DOP and to define the exploitation interest of each result of the project.

Desk research on cybersecurity competences has been carried out to determine the current best practices, the legal context and cybersecurity considerations. This research has provided a starting point and orientation for the cybersecurity training, and it focuses specifically on the human factor in cybersecurity. SOTER has also explored how companies can increase their cyber resilience and promote the long-term development of a cybersecurity culture.

Since the very beginning, the project has carried out dissemination and communication activities, including a website, social media accounts, printed materials, articles, short videos, and regular newsletters, in order to engage stakeholders and promote the project’s activities and results. SOTER has also collaborated with other H2020 projects working on cybersecurity in order to better understand and tackle cybersecurity issues together. The projects co-organised a number of workshops and public-facing events to better engage stakeholders in the field and to exchange knowledge, lessons learned and best practices on cybersecurity and regulatory standards with a focus on the financial sector.
SOTER has taken a holistic research approach by combining two complementary strands of enquiry to tackle the increasingly complex nature of cybersecurity resilience. The first strand of research has focused on developing a state-of-the-art biometric-based identity and authentication digital onboarding platform for the financial services sector. This tool seeks to increase security, usability, and integrity within the sector by easing the onboarding of customers into the digital marketplace. It combines a suite of novel technologies such as NFC chip reading technologies, Proof-of-Life facial recognition, voice signature template technologies, privacy-respecting consent and permissions management, and know-your-device technologies. Crucially, the product also provides the data subject with a secure and robust method for obtaining digital identity credentials, which they can store in their own blockchain-based credential wallet. The platform has also been built according to Privacy-by-Design, Security-by-Design, and Data-Protection-by-Design-and-Default methodologies and will attempt to ensure transparency and accountability across the full design and development lifecycle. SOTER has also adhered to the applicable regulatory frameworks, and privacy and data protection principles have been maintained according to European Commission guidelines, while promoting European values.

To complement the technological development, SOTER has engaged with the finance sector to research human factor-based cybersecurity through social science and humanities-based research. SOTER has sought to further the existing knowledge by combining three complementary strands of research. The first is a combination of desk-based research and an evidence-led qualitative enquiry with both a dedicated end-user and sectoral partners from the fintech community, to see if existing theory and practice are congruent. This strand of the SOTER project has investigated specific aspects of human factor-based cybersecurity, namely incidents, threats and vulnerabilities related to 1) error, malpractice, and misjudgement, 2) malevolent actors, and 3) legal and ethical threats. The second strand of research has developed a suite of training materials to be released under open licences, with the goal of increasing cybersecurity resilience across the sector. The training materials are based on a comprehensive Cybersecurity Competence Catalogue, informed by the industry, that clearly outlines which cybersecurity, information security, and information technology related competences employees of financial services organisations need in order to be cyber-resilient. The overarching goal of the SOTER social sciences based research is to ensure that the finance sector is further protected from increasingly complex threats related to the human factor in an ethical and trustful manner, taking into account not only organisational integrity but also the individual integrity of all employees involved.