Jennifer Sims, Senior Consultant at Xledger

The world of finance software is evolving quickly, but with many new software contenders entering the market it can be a mindfield for organisations. Many finance teams are already using multiple accounting apps and software packages for bookkeeping, payroll and invoicing to service individual needs. Whilst it may work fine for now, this segregated approach isn’t sustainable for long-term growth. The world is swiftly moving to agile, automated ways of working. As a result, there is a growing need to choose suppliers that can fulfil multiple functionalities within the one platform.

Financial software is evolving at such a pace that it can be difficult to keep up. Changing up a finance solution is a big step and ease of migration can be a substantial factor in determining which solution provider to go with. But how do you choose a solution that will grow with your business and still offer something innovative in five or ten years down the line? The fear is always that non-techie organisations will end up falling behind, but in such a highly concentrated industry, how do you decide which solution would work best for you?

Cloud-first: the term that makes all the difference 

You could find a ‘cloud-based’ service with an application that comes with automated audit trails to make it easier to meet compliance and record-keeping obligations, for example. But for a solution to offer all of the many future benefits promised by the cloud, it needs to have been built specifically for a cloud environemt from the outset – ie. not an on-premise built system that has been later adapted. Cloud-first services (true cloud) were always intended to leverage economies of scale, cope with live updates, be accessible from anywhere with an internet connection, and to scale rapidly, to name just a few of the many benefits.

When we talk about innovation in financial technology, we’re not just talking about software that makes it easier for the financial controller to create reports. If eliminating reliance on Excel spreadsheets is the only tangible benefit you have to really shout about, you are missing out on the real deal. With ‘true’ cloud finance software the sky is the limit.

Finance and accounting technology needs to directly meet the needs of the finance function and support the wider business needs.  When looking at accounting software platforms you’d be hard pressed to find one that doesn’t now promise ‘cloud-based’ enterprise resource planning (ERP) capabilities. The cloud is nothing new, but it’s the way that a solution harnesses this environment that makes a real difference. And here is where there is a need to read between the lines.

Automate more with true cloud 

Historically, repetitive and manual tasks are typical of the finance role – from invoice postings to expense claims handling – these can overwhelm the finance team. Research by Xledger^[1] has found that an enormous 91% of CFOs and finance decision makers are carrying out at least one of these repetitive tasks as part of their job. What’s more, senior finance leads are averaging a whopping 25 hours per week carrying out repetitive and manual tasks, compared with 15 hours for other finance decision makers.

A modern, true cloud finance system can enable your business to automate repetitive tasks and provide one source of truth so that teams can make informed business decisions that will help to scale a business. Bank reconciliation, dashboard creation and reporting are just some of the tasks that can be handled automatically.These capabilities are aiding overtasked finance teams and saving hundreds or thousands of hours a year.

Whilst different companies are at different stages in their digital transformation what is clear is keeping up with the latest technology is fundamental to the future success of an organisation.

Xledger is a true cloud finance solution. The basics include invoicing, robust general ledger accounting, detailed slice and dice reporting, purchase orders, billing, VAT reporting, and cash and bank payments. It also adds process and structure to the enterprise with procurement and inventory, budgeting and forecasting, and project accounting. Users are always on the latest version of the software and with regulation more stringent than ever today, Xledger is ISO 27001 accredited.

Choosing the right provider for your financial ERP solution comes down to whether it has the fundamentals right. When hosting all of your vital data in the providers’ own servers, it should evidence a highly tested security process that comes with backup services as standard.

As our demand for technology capabilities grows and as ERP models progress, innovation will become the structure for growth – and there is no end to the possibilities.

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST

Top executives from Wall Street’s largest banks pinpointed cybersecurity as the greatest threat to America’s financial system, at a Congressional hearing that took place in May.

The concern of financial industry leaders with cyber-attacks is neither surprising, nor new. The attraction of cybercriminals to banks and other financial institutions makes sense, given the fact that the financial sector functions as gatekeepers – not just of financial assets, but also of valuable Personally identifiable information (PII).

Threat actors are attracted to attack financial institutions to earn a profit through increasingly sophisticated attacks that range from ransomware attacks to identity theft. But while the threat continues to grow, there is much that can be done to mitigate the risks.

The Downsides of Digital Banking

The number of attacks on financial institutions increased sharply in the last two years due to the upheavals wrought by COVID-19, which prompted a dramatic rise in the number of online transactions.

With so much of today’s financial transactions done on both web and mobile devices, threat actors have more opportunities than ever before. Take, for example, the growing importance of Man in the Middle (MITM) Attacks, which impersonate another party online and give criminals access to personal data, passwords, and banking details.

With the widespread adoption of digital banking, consumers have become increasingly worried about cyber-attack. As a result, there’s growing demand to create better consumer protection laws that respond to the rapidly evolving technology. The U.S. Federal Trade Commission (FTC), for example, recently strengthened security safeguards for consumer financial information.

It’s Not “Just” About the Money

Financial organizations are at risk not just from threat actors looking for profit, but also from nation-states and hacktivists acting out of idealistic motives or as a means of achieving specific political ends.

The most famous examples of this type of attack include Russia’s 2016 attack on Ukraine’s electric grid and North Korea’s 2017 attack on Britain’s National Health Service.

Because of the extent of the damage that this type of attack could cause, NATO established cyberspace as the “fifth domain of warfare” in 2016. It developed a definition of when foreign factions are banned from attacking financial institutions, due to the fear that this type of attack could directly lead to a country’s destabilization.

Recognizing Risk Factors

The digital transformation of financial services helps banks and other financial institutions provide more a more convenient customer experience.

And while significant customer demand has led many banks to implement changes such as the transition from legacy to cloud-based solutions, these shifts also have the potential to create additional security risks.

For example, if we’re talking specifically about cloud migration, there’s need for additional security layers to protect organizations working with public cloud providers from the range of attacks targeting the financial sector: ransomware, account takeover, data theft and manipulation, phishing attacks, identity theft, and more.

Another example is the extensive use of third-party vendors, which has increased the risk of attack for organizations in the financial sector. Because third-party vendors enlarge the attack surface, they create more entry points to the system and make it harder to protect customer data.

Accelerating Detection & Response

By adopting an agile approach that supports continuous improvement, financial organizations can facilitate proactive identification of evolving threats and vulnerabilities in the wild. More specifically, by placing an emphasis on use case optimization – which starts by mapping out an organization’s threat detection gaps to a framework such as MITRE ATT&CK – enterprises can prioritize threats and invest their time and resources in mitigating risk more effectively.

For organizations transitioning to the cloud, what’s key is managing the migration process in a way that provides optimal visibility in the cloud and supports ongoing optimization at the enterprise level. Digital playbooks are a crucial tool in providing improved detection and response, creating automated or guided responses that allow faster, more effective, collaborative action.

The development and regular review of incident response plans similarly allows for efficient response in emergency situations and helps reduce the business impact of cyber-attacks.

Targeted Threat Intelligence

Threat intelligence that’s tailored to the financial services sector is another key component of timely detection and response. By working with expert Cyber Threat Intelligence (CTI) services, organizations can obtain up-to-date information about industry-specific threats in real time – information that is a highly valuable tool in strengthening the defense of an enterprise.

Cyber Hygiene

Employees make mistakes; after all, it’s only human. But these errors can lead to massive data breaches. For example, when someone clicks on a phishing email or leaves passwords for a company computer on a slip of paper that’s easily seen by the wrong person, the damage can be astronomical.

Providing regular cybersecurity training programs for employees can help minimize the risk of an accidental or careless action leading to cyber-attack. To be effective, training programs should not only explain how to spot cybersecurity risks like phishing emails but should also discuss how and where it’s safe to access company information.

Aside from employee training, there are fundamental cybersecurity-related decisions that should be implemented at the enterprise level such as Zero Trust, DevSecOps, and multi-factor authentication (MFA). From a policy perspective, for example, it’s crucial to enforce MFA for all applications. Moreover, technology-related vulnerabilities can be minimized through frequent patching and updates for systems. Audits, as well as vulnerability and penetration tests, must be conducted regularly.

For the Financial Sector, “Best Practices” are Key

With the growth in number and complexity of cybersecurity attacks on financial organizations and the increased risk of nation-state attacks, proactively approaching the question of cybersecurity and implementing “best practices” makes the difference in reducing the degree of risk to an enterprise.

By modernizing the SOC with a carefully navigated migration to the cloud, adopting continuous improvement of use cases and the development of digital playbooks that improve detection and response – as well as by leveraging targeted threat intelligence and maintaining strong cyber hygiene – enterprises can put themselves in a stronger position to minimize the potential business impact of a cyber-attack on their organizations.