

Managing third party risk: how to choose the right MSP



By Leyton Jefferies, Head of Cyber Security Services, CSI Ltd


As a financial services organisation, you might think your security is top-notch, but are you sure your Managed Service Provider’s (MSP) is too? In a recent advisory note, the ‘Five Eyes’ intelligence alliance (UK, Australia, Canada, New Zealand and the United States) reported an increase in hostile cyber activities targeting MSPs. They urged MSPs to harden their cyber security practices. The report highlights that downstream risks to clients are likely to occur when an MSP falls victim to cyber vulnerabilities, which could result in an eye-opening digital supply chain attack.

MSPs are attractive targets because attackers reason that if they successfully gain access to one MSP, they will get access to dozens or hundreds of its customers. A high-profile supply chain cyberattack in December 2020 involved SolarWinds, a provider of IT management software. The attack involved malware, which spread around all of SolarWinds’ customers via their normal software update. Customers targeted included US Government agencies. A ransomware attack on US MSP Kaseya last year also affected up to 1,500 of its customers. And this year, targeting MSPs resulted in a cyberattack that caused the outage of the NHS 111 service.

Whilst the ‘Five Eyes’ advisory caught headlines as a lesson on hardening cyber security best practices, there’s a strong message that businesses using MSPs must make sure they pick the ones leading by example.

Research by the Department for Digital, Culture, Media and Sport (DCMS) shows only 12% of organisations review the cyber security risks coming from their immediate suppliers. Only one in 20 firms (5%) address the vulnerabilities in their wider supply chain.

The ‘Five Eyes’ advisory makes it clear that MSPs are under increasing attack and need to set an example of what cyber security should look like from the inside out.

So, how can companies assess the cyber security practices of their MSP to ensure it doesn’t become their security Achilles’ heel?

Here are the 7 traits you need to identify to be sure your MSP has a strong security stance:  

1. Compliance  

MSPs are now being viewed as essential service providers by the UK Government. As a result, its Network and Information Systems (NIS) regulations are now being extended to MSPs. This means that essential service providers will be required to undertake risk assessments and put in place reasonable and proportionate security measures to protect their networks. They must report significant incidents and have plans to ensure they quickly recover from them.

Although strict adherence to the Government regulations will soon be a minimum requirement, you should look for MSPs that can also demonstrate best practice in this area. Certification to a benchmarked standard such as ISO 2001 for information security and ISO 27032 for improving the state of cyber security is one of the best ways to tell that the cyber security plans of your MSP meet the industry standard.

2. CIS Benchmarking 

The Center for Internet Security (CIS) has developed CIS Benchmarks, a set of globally recognised best practices to help security practitioners implement and manage cyber security defences. They exist to help organisations improve their cyber defence capabilities.

CIS Controls also map to many established standards and regulatory frameworks, including the NIST Cybersecurity Framework (CSF) and NIST SP 800-53, the ISO 27000 series of standards, PCI DSS, HIPAA, and others.

3. Depth of knowledge of security issues and tools  

There are a bewildering number of options when it comes to security tools for businesses, but an MSP should have a good understanding of your business and the security issues you face in order to evaluate your needs. Tools can be categorised as:

Email management: This protects against spam, malware, ransomware and identity spoofing, and should also offer encryption, archiving or advanced threat protection.

Advanced Endpoint Protection: This exists to satisfy the needs of a remote workforce and a variety of end-user environments. As well as antivirus software, an MSP should also be able to recommend Endpoint Detection and Response (EDR) to identify suspicious system behaviour, block malicious activity and recommend action to restore affected systems.

Web filtering: This includes the use of the Domain Name System to block malicious websites and unsafe content. This can help organisations control what websites employees are using and reduce the likelihood of phishing attacks and malware.

Managed Detection and Response (MDR): This is a 24/7 threat detection and response offering to protect online operations.

Penetration testing: An MSP should be able to offer you the expertise to carry out advanced pen testing, simulating a cyberattack so that you can better understand the vulnerabilities within your organisation’s infrastructure.

Phishing prevention: Enhancing employee awareness around phishing attacks could be your organisation’s best line of defence. An MSP should be able to understand the specific needs of your organisation and deploy, manage, optimise and leverage security awareness training and phishing simulation techniques to meet them.

4. The ability to connect the dots between disparate tools and skillsets  

A large, disconnected toolkit doesn’t win security battles. Having the expertise to deliver cutting-edge threat detection, response and resolution is how modern enterprises can reduce cyber security risks. An MSP should be able to bridge security gaps and vulnerabilities and offer access to advanced technology and skilled resources.

5. Security that doesn’t sleep (i.e. it’s 24/7 or “always on” and alerted)  

To identify problems before they even occur, an MSP should be able to demonstrate round the clock security provision for your business. The benefit of having an MSP handle your security is that they are free from distraction so they can focus their time and energy on finding indications of threat or compromise. Your partner should be able to demonstrate its ability to continuously monitor for anomalies to ensure risks are reduced and your business is safeguarded.

6. Layering of appropriate technologies (and taking a tech-neutral approach for best outcomes) 

A vendor and technology neutral MSP model – in which the MSP prioritises outcomes above a technology vendor – means that they can focus solely on putting the best interests of your business first. Apply a degree of caution to any MSP that is attempting to drive spend towards one service provider more than any others.

7. Value-add versus simple reselling 

It’s important to review how much value your MSP will provide you as a business. This isn’t simply to do with price or service – although both are important – but it applies to the impact and relationship that it offers you as a trusted partner.

Can your MSP report to you in metrics that matter to you as a business? For example, can it demonstrate the % of downtime it’s preventing or the number of malware attacks its tools are preventing at the weekends or late at night? For an MSP to add value, they need to understand your specific requirements and get ‘under the skin’ of the business.

Your MSP should be able to proactively recommend cyber security services from a full portfolio without leaving gaps or vulnerabilities in your overall security posture. For example, a security solution stack should provide a first and last line of defence, as well as a route to recovery in the event of a breach. The big question is, does your MSP have the skills and resources available to make sure you win key security battles?

By working with the right MSP, you can not only maintain a strong security posture as a business, but also demonstrate to customers that you take the management of third-party risk seriously.


Poor software testing puts banks at high risk of IT failures



By Sune Engsig, VP Product at Leapwork


IT failures have plagued the banking industry for several years, from the TSB computer systems meltdown in 2018, which cost the bank £330m and caused 80,000 customers to switch to a competitor, to Lloyds, Halifax and Bank of Scotland suffering an IT glitch on payday this year, with customers’ faster payments and transfers being delayed.

Despite MPs calling for regulators to act, condemning the number of IT failures in the financial services sector as ‘unacceptable,’ the industry continues to let them happen, leaving more and more irate customers locked out of their accounts. But with bank branches disappearing fast, customers are now far more reliant on online and mobile banking, so ensuring technology systems function correctly is paramount. When you consider the complex compliance and regulatory setup of banks and other financial institutions, and the fact that they are dealing with incredibly sensitive customer information, those that do experience outages can face irreversible consequences such as loss of customer loyalty, severe reputational damage and regulatory fines.

A critical step in mitigating IT failures is having effective testing capabilities in place to find and fix any errors before new software is rolled out to market or new IT migrations take place. This lowers the risk of software failures and outages occurring after launch. Yet, 70% of software testers in banking and financial services think it’s acceptable to release software that hasn’t been properly tested, so long as it’s patched later, according to research by Leapwork. Furthermore, only 40% think software failures are a big risk to their company. But when the impact of an IT failure is so severe, why do banks still take risks?


Software testing challenges

Despite the swathes of software businesses now rely upon, 85% of software testing is still done manually. When it comes to the banking sector, as these institutions continue to develop new digitised products and services with increasingly sophisticated and customised software, it is clear that manual testing can no longer be the default. It is time-consuming, cannot scale amidst a skills crisis, and leaves companies open to human error.

There is a huge amount of pressure on IT teams to develop and release new software or manage new IT migrations. A critical step on this journey is having effective testing capabilities in place, like test automation, to find and fix any errors and bugs before new software is rolled out to market. This lowers the risk of outages and failures occurring after launch, which can negatively impact a company’s reputation and bottom line.

However, while some organisations recognise the value of automation tools, many continue to rely too heavily on code-dependent tools which, while an improvement on manual testing, are incredibly complicated to use and thus require specific skills and experience to operate. This means they too are impossible to scale, as they often depend upon developer skills.


Skills shortage forcing banks to take risks

Ensuring you undertake proper software testing seems like a no-brainer, but 40% of software goes to market without sufficient testing. The reason why? One in five (21%) of banking and financial services testers say ‘lack of available skilled developers.’ As companies transition from manual to automated testing, which typically requires coding skills, the major global developer skills shortage is creating bottlenecks, increasing costs and delaying project delivery times as development teams try to upskill manual testers, hire new talent or lean on existing developers.

As a result of the skills shortage, only 30% of testers in banking and financial services say they’re using some element of automation (i.e., an automation tool or a combination of manual and automation). In fact, 40% of CEOs across all industries think the fact that their company still relies on manual testing is the main reason why software isn’t tested properly, with 58% of testers in banking and financial services saying ‘underinvestment in test automation’ is the reason sufficient testing does not occur.


Testing issues not on CEOs’ agenda until too late

Across all sectors, 69% of CEOs think it’s acceptable to release software that hasn’t been properly tested, so long as it’s patched later, but 68% of testers claim their teams spend five to 10 days per year patching software. While nearly all testers express concern that insufficiently tested software is going to market, the overwhelming majority (75%) of CEOs say they’re confident their software is tested regularly. These numbers show a huge disconnect between CEOs and testers, indicating that testing issues are falling under the radar and not being escalated until it’s too late.


Moving toward an automated future

Banking and financial services have been thought of as slow-moving and lacking innovation in the past. That isn’t the case anymore, as we’ve seen the industry take great strides towards digitalisation in recent years. However, with that digital transformation and integration of software comes outages, the consequences of which mean millions of pounds lost.

UK banks are at high risk of IT failures due to insufficient software testing, and a reliance on manual testing. On the current trajectory, more and more banks will struggle with failures and outages which could cost them a significant amount in financial and reputational damage. To minimise risk, they need to transition from manual to automated testing and explore testing options that don’t require coding skills so it’s easier to hire in talent or upskill existing team members, whether that be testers or everyday business users. Only then can they increase productivity and time to market while decreasing risk and costs.





Financial Services Makes Gains In Employee Engagement



By Phil Chambers, GM Workday Peakon Employee Voice 


A new report shows that the financial services industry improved in almost all elements of employee engagement last year. Can such momentum be sustained?

After more than two years of change, one thing is certain: keeping workers engaged has become more challenging – and more urgent. Record numbers of workers have left their jobs in the UK. And, as turnover has increased, employee engagement – people’s mental and emotional investment in their work and workplace – has been tested. In today’s climate, engagement isn’t a nice-to-have; it’s a business imperative – especially as companies with engaged employees are known to reap benefits including higher productivity, customer satisfaction, and profitability.

The financial services industry hasn’t been immune from the so-called Great Reshuffle. But, according to Workday’s latest State of Engagement Report, it did make measurable gains in employee engagement during 2021. Of the 17 industries analysed, financial services’ engagement ranking jumped from ninth to fifth place.

The report analysed nearly 9 million employee responses from almost 2.5 million employees throughout 2021. It compared the engagement scores given by employees working in different industries over the 12-month period, as well as scores for the 14 drivers of engagement – including autonomy, goal setting, meaningful work, reward, and recognition.

Organisations in the financial services industry have been considered less quick to evolve than others. PwC recently characterised insurance companies, for instance, as “traditionally risk-averse and slow to change”. But, as the report shows, financial services clearly made some improvements. It is noteworthy given the enduring pandemic-related economic turbulence of 2021 – and the fact that during that time global engagement scores overall slightly declined.


Where The Financial Services Industry Improved in Employee Engagement

Remarkably, the financial services industry saw increased rankings and scores in all but one of the 14 engagement drivers that the State of Engagement report measures.

Of all 17 industries analysed, financial services took top place for goal setting by the end of 2021 (up from sixth at the start of the year) and landed among the top three sectors for strategy and recognition too. These strong results indicate the industry provided clear direction to its people at both individual and organisational levels, and appropriately recognised employees when they met their goals.

The improvement in the industry’s overall engagement, however, was driven largely by a sizable increase in its environment driver score in 2021, suggesting that a significant number of employees responded positively to having more freedom around where they worked during the pandemic. Before the pandemic, it was unusual for financial services firms to offer flexible options at all. But, in 2021, more than ever before, many firms’ employees were working remotely or enjoying a hybrid of both remote and in-office work – as and when offices started to re-open. This unprecedented choice in where, how, and when they worked was appreciated, as the report indicates, by many workers in the sector.


Where There’s Room For Improvement

As the report found, many employees feel the amount of work they have is increasingly unmanageable. Workload continues to be a pain point across all industries globally, with workload satisfaction scores dipping slightly in 2021. At the end of the year, financial services received its lowest engagement-driver score for workload and ranked 11th among the 17 industries analysed.

This indicates employees in the financial services industry found their workload less manageable as the year progressed, which is perhaps unsurprising when considering the pandemic’s ongoing toll in many parts of the world, and the fact that remote working can lead to ‘always-on’ work lives.

To help mitigate burnout risk and diminished engagement going forward, financial services leaders and managers will need to stay close to their employees in the months ahead to find out how they can best support them, whether that’s with additional resources, greater work flexibility, or updated benefits. By regularly staying abreast of people’s needs and taking the necessary action, organisations can spot potential problems before they lead to resignations.


What The Industry Should Avoid Going Forward

In recent months, we’ve seen some financial institutions try to take a “return to normal” approach, requesting their people go back to working onsite five days a week. But, as the report shows, this approach may not be the best one for everyone, particularly as the past two years have revealed that many employees appreciate and benefit from a greater degree of flexibility.

Of course, not all organisations will be able to provide hybrid or remote arrangements for all their people. But greater flexibility doesn’t necessarily have to mean working remotely. It could mean more flexible scheduling options, or a shift in working hours to enable a greater work-life balance.

Either way, to retain the engagement gains achieved in 2021, the financial services industry should resist the temptation to look back, and must instead take learnings from the past two years. Amid so much economic and societal change, and with employees continuing to shift jobs in record numbers, companies cannot simply go back to before, but need to continue moving forward, listening to the needs of their people, and leading with empathy.

Specifically, leaders and managers in financial services will need to stay closer than ever to employee feedback, going beyond listening and working fast to implement change accordingly.

For the industry to continue making positive gains in employee engagement, it will need to: consider how to retain a degree of flexibility – updating models to reflect evolving employee needs; continue to provide clear individual and organisational direction to those working remotely and on site; create and maintain more manageable workloads through prioritisation and automating repetitive tasks; and continue to reward and recognise employees for their hard work and achievements.

While great strides were made last year, it’s more important now than ever that leaders in the financial services industry determine and understand how employees are feeling so that organisations can explore and shape a future of work that works for everyone.
