CM October 2021

More documents

Recommendations

Info

INSIGHT AUTHOR – Leanne Salisbury Leanne Salisbury By masquerading as a trusted entity, the threat actor can create a sense of authority and play on the fear of people as they look for security and assurance from trusted institutions. Pre-pandemic awareness of phishing (targeting via email), vishing (targeting via voice call) and smishing (targeting via SMS text messaging) was already on the rise, and many companies were already providing security awareness training on the subject for employees. However, the fear around COVID-19 allowed criminals to ramp up exploitations and take advantage in cases where perhaps previously individuals would have paused and considered the email more carefully. Malicious file attachments containing malware payloads had COVID-19-related titles and prompted the receiver opening a file containing malware. There were also malicious android apps that claimed to have real-time trackers but instead aimed to get the user to provide administrative access to install "CovidLock" ransomware on their device . WEBSITE DOMAINS Some threat actor groups went a step further and registered new website domain names containing wording related to COVID-19 or Coronavirus. During a six-week period in early 2020 the United Nations Office on Drugs and Crime (UNODC) reported that as of the end of March 2020, more than 9,000 domains were registered with the Coronavirus theme. While some were set up for legitimate reasons, many presented information related to the pandemic only as a lure for malicious purposes. Using these domains, attackers could bypass the need to obtain victim email addresses and then send a phishing email with a malicious attachment or link. The malicious website could be used as a mechanism to deliver malware and obtain credentials through direct access by the victim landing on the page. Video and teaming apps also proved to be an area of weakness. At the beginning of the pandemic, the use of thirdparty videoconferencing and teaming applications grew exponentially as firms – and individuals – used them to stay connected. One of these in particular went from being largely unknown to becoming the most widely used app within weeks of lockdown restrictions being implemented. However, this popularity surge also made them a target. A weakness in the application opened the door for attackers, allowing them to take control of certain sessions, intercepting audio and video meetings and injecting unsolicited content. While the application provider has since managed to fix the vulnerabilities, it demonstrates the importance of firms’ system defences. So how does a business successfully build resilience into their operations? A good multi-layered approach to controls and the hardening of a system’s exterior shell are critical for preventing attacks being successful. Organisations must decrease their ‘attack surface’ and make themselves more difficult to target in the first place. INSECURE NETWORKS One of the most common methods cyber criminals use to gain access to an environment is to exploit insecure network services, especially remote desktop protocol (RDP). Having a comprehensive understanding of all external-facing systems along with implementing an advanced Endpoint Detection and Response (EDR) solution will enable proactive techniques, such as machine learning and behavioral analysis, to identify potentially new or complex threats before they become a critical issue. As seen with the video conferencing example, it is also crucial to manage thirdparty risks. It is important to proactively identify weaknesses in the supplier landscape and have the ability to respond quickly to manage incidents when they occur. A robust due diligence process that considers the inherent risk profile of the supplier and service can significantly help an organisation to identify potential threats. Threat actors are continually evolving their tactics, techniques and procedures in new and inventive ways, responding to realworld events to capitalise on fear-based behaviours and decision making. Ensuring resilience is built in from the start, including employee’s ability to respond and react under pressure, is critical. Leanne Salisbury is Senior Manager, Technology Consulting, EY. Advancing the credit profession / www.cicm.com / October 2021 / PAGE 18
HIGH COURT ENFORCEMENT OFFICERS ASSOCIATION Supporting vulnerable debtors The effect of Covid-19 on responsible High Court enforcement. AUTHOR – Alan J Smith THE pandemic has had a profound and lasting impact on the country’s finances. The vulnerable and those with poor mental health have long been associated with higher levels of debt but Covid-19 means the issue is touching far greater sectors of the community than ever before. The Financial Lives 2020 survey by the Financial Conduct Authority has found that over-indebtedness increased by a third to 14.2 million in October 2020. That’s more than a quarter of the UK’s adult population. In addition to the significant rise in problem debt, 27.7 million people are showing characteristics of vulnerability – such as poor health, low financial resilience or recent negative events in their lives, putting them at greater risk of harm when dealing with financial affairs. This is an increase of 15 percent from pre-pandemic levels. Fewer jobs, furlough, and zero hours contracts are all adding to financial struggles and problem debt. A 2021 report by Pro Bono Economics – The Impact of the Covid-19 Pandemic on Problem Debt in the UK – echoes this. It states that “the stresses and strains of unmanageable debt are closely related to wider problems in people’s lives, such as financial exclusion, family breakdown and poor physical and mental health.” High Court Enforcement Officers Association (HCEOA) members have long had procedures in place to identify and support vulnerable debtors, but the pandemic has brought more emphasis to this area. Our code of conduct covers vulnerability: High Court Enforcement Officers have a role in ensuring that the vulnerable and socially excluded are protected and that the recovery process includes procedures agreed between HCEOs and creditors about how such situations should be dealt with. A number of initiatives have driven this increased focus on the needs of vulnerable debtors, notably the Government’s Breathing Space scheme, the HCEOA’s return to enforcement strategy and the constraints placed on enforcement action during lockdown. The Breathing Space scheme allows people in problem debt to freeze interest, fees and enforcement for up to 60 days, with further protections for those receiving mental health crisis treatment. This relieves some of the pressure and stress on debtors who are seeking advice while they work on a debt solution. I am pleased to say that all of our members have embraced and supported Breathing Space as part of their commitment to practising responsible enforcement. Our return to enforcement strategy, published in July 2020, included a number of measures and enforcement agent training, which members needed to implement to support the vulnerable and recognise mental health issues. This has resulted in better processes and systems within High Court enforcement businesses to identify vulnerability. Many members have extended training in their businesses to include additional staff, beyond their enforcement agents and welfare teams, to help them identify vulnerability and changes in circumstances, which provides greater resilience. And the halt on enforcement visits to residential addresses during the first lockdown has led to enforcement agents implementing new and better ways of communicating with debtors, many of which have enabled earlier identification of mental health issues and vulnerability. The other factor that is driving improved support for vulnerable debtors has come from creditors themselves, especially those businesses with high volumes of consumer judgments, who want their policies around the fair treatment of customers incorporated into those of our members’. Whilst the increase in indebtedness and problem debt is undoubtedly something that none of us would wish for, the silver lining is that the enforcement industry is in a far better place to identify vulnerability and support those who need it. Alan J Smith FCICM is the newly appointed Chair of the High Court Enforcement Officers Association. The Breathing Space scheme allows people in problem debt to freeze interest, fees and enforcement for up to 60 days, with further protections for those in mental health crisis treatment. Advancing the credit profession / www.cicm.com / October 2021 / PAGE 19
Page 1 and 2: CREDIT MANAGEMENT CM OCTOBER 2021
Page 3 and 4: OCTOBER 2021 www.cicm.com 24 COUNTR
Page 5 and 6: CMNEWS A round-up of news stories f
Page 7 and 8: NEWS SPECIAL What really mattered w
Page 9 and 10: NEWS SPECIAL PASSING THE BUCK Debt
Page 11 and 12: Advancing the credit profession / w
Page 13 and 14: FROM THE CHIEF EXECUTIVE AUTHOR - S
Page 15 and 16: WORKFORCE MANAGEMENT AUTHOR - Colin
Page 17: INSIGHT AUTHOR - Leanne Salisbury F
Page 21 and 22: INTERVIEW AUTHOR - Sean Feast FCICM
Page 23 and 24: INTERVIEW AUTHOR - Sean Feast FCICM
Page 25 and 26: COUNTRY FOCUS AUTHOR - Adam Bernste
Page 27 and 28: COUNTRY FOCUS AUTHOR - Adam Bernste
Page 29 and 30: OPINION AUTHOR - Adam Bernstein acc
Page 31 and 32: Malaysia loses its shine ACCORDING
Page 33 and 34: LIFE AUTHOR - Glen Bullivant FCICM
Page 35 and 36: THE 2021 CICM TURNER LECTURE THE LA
Page 37 and 38: STATISTICS Data supplied by the Cre
Page 39 and 40: WWW.BAKERING.GLOBAL SOUTHERN EUROPE
Page 41 and 42: Each of our Corporate Partners is c
Page 43 and 44: EDUCATION & MARKETING Booking your
Page 45 and 46: Apprentice profile AUTHOR - Sean Fe
Page 47 and 48: EDUCATION & MARKETING CICM Virtual
Page 49 and 50: ADVERTORIAL The AI Advantage: Why t
Page 51 and 52: BE ONE CLICK AWAY FROM OUR WEBSITE
Page 53 and 54: CSA Apprenticeships The CSA is an a
Page 55 and 56: TRAIN FOR THE YEAR AHEAD My Learnin
Page 57 and 58: CHARTERED INSTITUTE OF CREDIT MANAG
Page 59 and 60: GET TUNED IN CICM is proud to intro
Page 61 and 62: FOR ADVERTISING INFORMATION OPTIONS
Page 63 and 64: View our digital version online at

CM October 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?