Connect with us

Finance

ARE FINANCIAL SERVICES COMPANIES RISKING THE CONSEQUENCES OF A DATA BREACH?

Published

on

By Andrew Fitzgerald sales director for Western Europe and Sub-Saharan Africa – Cohesity

 

Financial services companies need to be doing data management right, or face the consequences of a data breach.

Financial institutions manage a large volume of sensitive information about their customers. However, the protection of sensitive data in line with regulations, both for banks and other financial services organisations, is currently a big challenge.

For these organisations, data backups and the ability to recover from them aren’t just about getting the business up and running after a hardware failure, as important as that is. They are also about much more.  Financial institutions are, quite rightly, subject to a huge array of regulations from those of a general nature such as General Data Protection Regulation (GDPR) to a myriad of others specific to different aspects and services, such as MIFID II.

By their very nature, financial services companies need to be up and running continuously. Any unplanned breaks in service, for whatever reason, from a ransomware attack to an accident,  to a systems failure, or even, potentially, state-sponsored attacks, simply must be avoided. Financial services companies just can’t afford the monetary losses or the reputational damage that would result from downtime of services that allow customers to access their money.

 

Compliance matters for backups too

When it comes to compliance, there are requirements for backups as well as for live production systems. Consider the GDPR, for example. It requires that organisations must not keep personal data for longer than it is needed, and data must be regularly reviewed to be sure it is still needed. Individuals also have a right to ask for their personal data to be removed too. How this is done varies from application to application, but ensuring you don’t re-populate an application with data that is no longer required from a backup is a necessity.

There is also a requirement under GDPR to respond to individuals’ requests within a month [SV1] of them being made. That is a fair period of time, but issues such as ransomware attacks can leave an organisation without access to its complete data for considerable periods, and as we have seen recently, backups are not immune from attack, in fact they are now a focus for certain attack types, especially those stored on a network attached storage device.

 

The basics of backup and restore

In this context, the National Cyber Security Centre [SV2] advises organisations to maintain recent offline backups of all their most important files and data. Still, the evidence suggests that not all organisations have the kind of backup systems in place that will allow data recovery. Sophos surveyed 5,000 IT managers in 26 countries for its The State of Ransomware 2020 [SV3]  report. It found that just 56 percent of organisations undergoing a ransomware attack got their data back via backups (26 percent paid the ransom, 12 percent used ‘other means’, and 6 percent didn’t get their data back at all).

The implication in all of this is that the backup is the tool of last resort.  But even in that role, it isn’t necessarily fulfilling its purpose. You could infer from this research that most enterprise backups are only able to do the job just over half of the time. But it doesn’t have to be like this, and for financial services companies that really can’t afford downtime whatever its cause, there is a strong argument that backups need to assume a much wider role.

 

Reimagining backups

It is perfectly possible for a backup system to analyse the production environment versus the data it holds in order to detect if any major changes have been made that could in turn signify an attack being made. A modern system can also scan VMs for open vulnerabilities even if there is no attack, to ensure threat prevention can take place.

As mentioned, to ensure a payout, cyber criminals are not just attacking the production environment now, but increasingly targeting backup data and infrastructure. This effectively hobbles the “insurance policy” organisations depend upon when disaster strikes. The attackers are often exploiting weaknesses associated with legacy backup solutions architected before the advent of the ransomware industry. Before encrypting the production environment, sophisticated malware is known to destroy shadow copies and restore-point data. Due to its underlying architecture these malware make legacy backup infrastructure easy prey rather than a solid defence against ransomware attacks.

It might seem a little strange to suggest that financial services companies reinvent their approach to data management by paying closer attention to their backups. But it is time to realise that data backups are much more than the ‘necessary evil’ that you create as an insurance policy and file away, never to revisit. Especially, if these backups sit on legacy infrastructure, architected many years previous.

Since the financial crisis, there has been a wave of regulation with a significant part of it aimed at ensuring banks have sufficient capital and liquidity.

Now, in 2020, backups are both a living insurance policy against the times when the worst happens (and in some shape or form it inevitably will), and a part of your data management system that is as relevant to regulatory compliance requirements as your live systems are.

These improvements to modern data management will bring financial services companies and banking systems through the COVID-19-related economic crisis in reasonable shape, and afford themselves a head start for future data-driven innovation. Let’s hope it doesn’t take a specific problem before the community realises this and gets its act together.

 

Banking

LEGACY INFRASTRUCTURES MUSTN’T HOLD BACK INNOVATION IN FINANCIAL SERVICES

Published

on

By

Ian Perry, Principal Solution Architect at Zscaler

 

We are living in a changed world; one of hybrid home/office work and customers who may never return to bank branches and the services of the high street. According to RFi Group, 73 per cent of UK consumers interact with their main bank via digital banking at least once a week, and only 23 per cent believe nothing can replace what they get in a branch. Meanwhile, institutions including JP Morgan, HSBC and Nationwide have all indicated an intention to retain new higher levels of homeworking.

Now that employees work from a multitude of locations and customers bank and manage their money online the race is on to adapt processes, systems and support structures for safe, secure and productive homeworking and digital access for customers. Inevitably, this calls into question legacy infrastructures in financial services and how they might impact digital progress.

 

New tools, old systems?

The question is, how can banks and other financial institutions securely provide a higher level of remote access to their systems and applications when incumbent infrastructures were developed for an entirely different time?

Of course, the first thing to note is that banks aren’t coming at the problem from a standing start. Oft-cited legacy infrastructures have been added to over time so that many set-ups are now an on-premise/cloud-hosted hybrid. In fact, the finance sector has invested heavily in cloud infrastructures and cloud-based office applications.

The issue is how to harmonise this set-up so that it works for users and organisations as a whole. Here, there is work still to be done. It’s often the case that core banking applications remain in mainframe on-premise networks, whilst other operational tools reside in the cloud. Cloud-based Office 365 is a case in point. It supports digital working, as organisations need it to, but a range of its benefits and functions are at odds with legacy network setups.

Inevitably, when a product or service innovation reaches implementation planning stage, the starting point is the existing network, its systems and processes. The hard part is flipping this approach to assess what the resulting experience will be from the user point of view, but that is exactly what’s needed. It’s an approach that competing market disruptors have been ideally placed to adopt from day one.

However, that needn’t mean that financial institutions must completely overhaul their legacy infrastructure – something that would be expensive and complicated. They can still fully capitalise on the benefits of cloud-based services, among them flexibility, productivity, business continuity and the right customer and user experience.

 

Zero Trust without friction

One way is to take a ‘Zero Trust’ approach. As a result of recognised risks, 72 per cent of companies are prioritising the adoption of such a security model. This resets a data security approach from one that traditionally secured the perimeter to one that protects users, devices and business resources.

It’s a shift in emphasis from securing the network to securing each access and doing so without introducing friction into processes for users. We can think of legacy digital protection methods as a visitor getting a key from reception and being allowed to wander around the building, and compare that to a frictionless cloud experience in which a security guard shows the visitor directly to the room they need.

The Zero Trust model lends itself to high levels of remote access, which is exactly the situation organisations are now in. Employees work from anywhere, from a range of devices, and customers access services previously provided in-person online. Applications are no longer exclusively within the data centre, they are outside the network perimeter meaning that traffic must be enabled to run securely through the internet, rather than through corporate IT. Doing so not only equips organisations for the way things are today, it can also reduce the cost of individual site maintenance and enable the full benefit of cloud-based tools.

The technology now exists to make high levels of security completely invisible and so, with a growing number of security processes now taking place in the cloud, educating customers will be key. The industry must come together to improve user interfaces to signal what’s taking place behind the scenes.

With the right security approach, financial services can deliver on new access priorities to support their workforces and serve customers. Convenience, as well as security, should be the aim along with a strategy that ensures legacy doesn’t hold back innovation. That way, banks and other finance institutions can begin to fully capitalise on the benefits of cloud, adapt to meet customer demands as they evolve and compete in a disrupted market.

 

Continue Reading

Finance

HOW CFOS CAN TAKE A HOLISTIC APPROACH TO ENTERPRISE AGILITY

Published

on

By

Frederic Portal, Financials Product Marketing Director, at Workday

 

Whether brought on by a market shift, technological innovation or as we have seen over the last year, a pandemic, change in business is constant. But to survive it, or even thrive in it, organisations must find a way to adapt rapidly, while remaining strong and stable in the long-term. This is where enterprise agility and the CFO come into play. In theory, the concept of enterprise agility — a company’s ability to outperform the competition and drive growth in new, ambiguous situations by learning and adapting — sounds like something every business should inherently do. Yet, many are trying to introduce technology or implement processes before defining and establishing what agility really means to them as an enterprise. In other words, embracing agility should be a holistic approach and crucially must be led by the CFO. The CFO and financial team are instrumental in making sure that a business can lead digital transformation, steer through uncertainty and ultimately, embrace a culture with agility at its core. However, in order to achieve enterprise agility successfully, there are some simple factors that a CFO should consider when guiding their organisations to become truly agile.

 

Enterprise agility starts with the CFO

The last year made it clear that the finance function is leading business recovery. In fact, a Workday survey with C-suite leaders showed that 37 percent of respondents agree that finance is the function most likely to influence digital growth in a business. Overnight, CFOs and their teams had to rethink their processes and leave behind legacy technology in order to keep up with the continuous change that the pandemic now demands. Naturally this prompted a company-wide transformation.

To make sure this transformation towards agility doesn’t stop at technology adoption, CFOs should put practical steps in place, working in collaboration with all senior leadership, from IT to Sales and HR, to build a plan that will guide a wider change within the business. Once a plan is in place, it must be communicated and then reinforced to the rest of the workforce by providing them access to real-time data and cloud-based models. Led by the CFO, this will give crucial insight into payroll, cash flow and planning scenarios. In turn getting the entire organisation on board, creating uniformity and ensuring teams are all working from the same source of truth to move the business forward.

 

Embracing an agile mindset 

When incorporating new agile processes, CFOs must work with all business leaders to define and integrate an agile mindset. Enterprise agility isn’t just a process, it needs to be baked into the heart of the organisation — and its digital transformation agenda — so that teams across the business embrace qualities such as quick thinking, being perceptive and taking action. Adopting this way of thinking and behaving is the foundation for any agile organisation and must begin with the finance department.

Take Aon as an example. The multinational British professional services firm sells a range of financial risk-mitigation products, including insurance, pension administration, and health-insurance plans across 120 countries. By March 2020, COVID-19 resulted in the company’s entire team working from home, which meant Aon’s finance team had to do a fully-remote close. While this had never been attempted before, Aon had baked agility into its financial processes by investing in the right cloud-led, and agility enabling technology. With up to date data, and transparency across the regions, Aon’s finance team was able to close remotely, with one region even being able to close a day early.

 

Empowering agility 

Transparency and accessibility are also key to enterprise agility. So, it’s critical that CFOs empower all departments to work from the same data sources, assumptions and outcomes in their workflows. It is only by prioritising digital transformation and having technology structures up-to-date, that businesses can experience real results, and fast.

Take Netflix, for example. Even in this streaming powerhouse there were improvements to be made to back office processes. Netflix’s back office systems had usability issues due to clunky workflows and limited visibility. Led by the CFO and investing in transforming the back office into one unified system, Netflix was able to introduce an agile mindset across the business that was vital in turning this around. For instance, every time Netflix creates an original show or movie they have to create a legal entity and set up the banking and with Workday it just takes minutes to add it to an existing framework. Implementing the right technology resulted in more efficiency, more agility and fewer silos among the IT, Finance and HR teams.

 

Taking a holistic approach to enterprise agility

The disruption of 2020, and impact COVID-19 has had, is showing no signs of slowing down in 2021. It is simply no longer enough to just deploy new technology or processes with hopes of becoming  agile. In order for an organisation to truly embrace agility, it must take a holistic approach and proactively adopt an agile mindset across the entire organisation and its way of working. This is where the CFO plays a pivotal role.

 

Continue Reading

Magazine

Trending

Business3 days ago

HOW TO CREATE A PROFORMA INCOME STATEMENT FOR YOUR STARTUP?

There are two reasons why you are on this page right now. First, you are just starting with your business,...

News3 days ago

EXPERTS SHARE SIX STEPS TO RAISING MONEY SAVVY KIDS

The ability to manage finances is not something that is known naturally; it must be taught to us as we...

News4 days ago

CORE BANKING FINTECH OHPEN APPOINTS JERRY MULLE AS UK MD TO FUEL CONTINUED GLOBAL EXPANSION

Ohpen, the first fintech platform to bring a bank to the cloud, today announces the appointment of Jerry Mulle as its new UK Managing Director,...

Technology4 days ago

BIOMETRICS: BALANCING SECURITY WITH CONVENIENCE

Jean Fang, Authentication Product Manager and Joël Di Manno, Authentication and Biometrics Laboratory Service Line Manager at Fime   From...

News4 days ago

THE VALUE OF A HEALTHCARE ADVISER

By Rachel Janssens, principal consultant at Alexander Forbes Health   Navigating the vast number of schemes available and sifting through all...

Wealth Management5 days ago

WHAT WILL TRADING FLOORS OF A POST-COVID WORLD LOOK LIKE?

Ganesh Iyer, Chief Marketing and Strategy Officer, IPC   The last year brought around a monumental change to the way...

Business5 days ago

WAYS TO KEEP YOUR HYBRID WORKPLACE SECURE FROM THE IRREVERSIBLE DAMAGE OF A CYBER ATTACK

By Alex Bransome, CISO at Doherty Associates, specialists in managing and securing cloud services in the finance sector.   A recent in-depth study into 3000 UK...

News6 days ago

CONTOUR DRIVES TRADE GROWTH FOR BANGLADESH BUSINESSES WITH DOMESTIC LETTERS OF CREDIT

Aims to onboard 50+ corporates supported by Bangladeshi and international banks in next six months   Contour has launched its...

Business6 days ago

A LOW-CODE LONDON MARKET – THE KEY TO INDUSTRY FUTUREPROOFING

By Richard Farrell, Chief Innovation Officer at Netcall   Aged 332 years, the London Market isn’t new to the need to modernise....

Banking6 days ago

LEGACY INFRASTRUCTURES MUSTN’T HOLD BACK INNOVATION IN FINANCIAL SERVICES

Ian Perry, Principal Solution Architect at Zscaler   We are living in a changed world; one of hybrid home/office work...

Finance6 days ago

HOW CFOS CAN TAKE A HOLISTIC APPROACH TO ENTERPRISE AGILITY

Frederic Portal, Financials Product Marketing Director, at Workday   Whether brought on by a market shift, technological innovation or as we...

Technology6 days ago

HOW CAN THE PAYMENTS INDUSTRY PREPARE FOR SCA WITH BIOMETRICS?

By Vince Graziani, CEO, IDEX Biometrics ASA   Significant developments are afoot in the retail and payments industry, with vendors...

News6 days ago

NEXO STANDARDS EXPANDS SCOPE BEYOND CARD-BASED TRANSACTIONS

Advancements will ease integration of payment acceptance solutions across a range of transaction technology   nexo standards, which offers the...

News6 days ago

TRUSTONIC AND SYNTHESIS PARTNER TO MAKE PIN ENTRY POSSIBLE AND UNLOCK THE MOBILE POINT OF SALE MARKET

Cybersecurity technology leader Trustonic today announces its partnership with software and consulting company Synthesis Software Technologies to increase the opportunities available to businesses...

Business7 days ago

HOW TO ENHANCE THE CUSTOMER EXPERIENCE IN YOUR RETAIL STORE

Do you own your own retail store? Are you hoping that 2021 is the year you are able to grow...

Finance7 days ago

THREE STEPS TO ENSURE RECOVERY OF COVID LOANS GOES SMOOTHLY

In the wake of the pandemic, the government acted quickly to provide financial Covid support packages to help struggling businesses....

News7 days ago

SALESFORCE EXPANDS ITS FINANCIAL SERVICES OFFERINGS WITH NEW PRODUCTS FOR CORPORATE AND INVESTMENT BANKING

Tailored tools integrated into Financial Services Cloud support the industry’s transition to digital-first, helping deals get done from anywhere New...

Finance7 days ago

FOUR STEPS TO INTEGRATING INTELLIGENT AUTOMATION IN THE FINANCE DEPARTMENT

Marieke Saeij, CEO of Visma | Onguard   It’s clear that Intelligent Automation (IA) is still very much an emerging...

Technology7 days ago

READING BETWEEN THE BUZZWORDS: DISCOVERING THE POWER OF INTELLIGENT AUTOMATION?

by Yad Jaura, Product Marketing Manager at Netcall    The nature of automation means that new technologies, ideas and solutions are frequently...

Finance7 days ago

FOR THE FINANCIAL SERVICES INDUSTRY TO THRIVE POST-COVID-19, AUTOMATION WILL BE KEY

By Anubhav Mehrotra- Vice President and Head of Financial Services, UK & Ireland, HCL Technologies.   The economic challenges emerging...

Trending