Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

CYBER AND REPUTATIONAL RISK: FINANCIAL SERVICES TECHNOLOGY SYSTEMS UNDER PRESSURE

By Keith Saxton, Independent Director and Advisor, Chairman of TechUK Financial Services Council

Cyber security is a huge threat for organisations as the world continues to digitise. How they protect their valuable data and keep innovative hackers out is directly linked to reputational risk. However, if organisations don’t already have their software infrastructure in the best possible shape, how will they be able to deal with the growing cyber threat? Put simply, cyber security is yet another business challenge, but perhaps one that finally galvanises organisations into addressing their technology infrastructure headaches.

Keith Saxton
Keith Saxton

Failing to address software quality from the very start, at the structural level, puts businesses on the back foot.Strengthening at the roots is the most effective way to truly combat cyber threats. Difficult though it may be, system-level performance in general is what needs to be addressed. It’s time for organisations to up their game. The Financial Services industry is a connected one, and governments and regulators are starting to apply more pressure on Financial organisations to secure their systems, to protect the entire network.

System-level software quality plays a huge part in the overall cyber performance of an organisation. The impact of weak software systems can be severe. Take the SWIFT banking debacle for example, as a lesson on how not to get it right. Even if the Bangladesh Bank, the first to be hacked, had implemented better security procedures. It is in building more robust structural software rather than relying on network security products that results in more secure and functional systems.

Organisations need to be aware that firewalls, antivirus and anti-fraud software are not enough to fully protect themselves in the age of ingenious cyber criminals. They offer a barrier, but not an unbreachable one. The complex hacks of today are easily capable of infiltrating multiple security components. Complete, comprehensive security starts with good structural code foundations.

The Financial Services industry looks set to continue being an appealing target for hackers. They hold sensitive information, both personal and financial, so any openings or gaps in security are likely to be fully exploited by hackers.

Software created with strong, fundamental architectural designs perform best. When there is an emphasis on core health factors such as reliability, functionality, robustness and security combined, it becomes a much harder job for hackers to find cracks in the foundation. Software design that doesn’t follow best practises, such as those detailed by CISQ (the Consortium for IT Software Quality), result in vulnerabilities, especially in complex legacy systems, offering an easy passage for entry into the network.

Building structural code meeting industry standards, with security designed and built into every stage of the application as it is coded, ensures reliable, secure and resilient IT performance. It is also important to assume all new applications to have encryption. Whether outsourced or coded internally, failing to do this will result in unsecure applications. When outsourced, it is vital the quality of coding is not ‘lost in translation’. Despite this, the most recent Financial Services CRASH Report from CAST reveals outsourced applications are actually sometimes more secure.

Financial organisations looking to avoid suffering cyber-attack damage and reputational risk must not let weak structural code quality and overlooked vulnerabilities affect their bottom line. The future looks better as tougher cyber regulations are set to be imposed and attitudes towards protecting systems seem to be changing. Given the consequences of successful cyber-attacks, it’s not a surprise leading banks are suggesting joining forces to combat the threats withglobal cyber security standards, which would spell the end of the ‘blame game’. If an organisation gets compromised, the responsibility will lie solely with them. The message is clear: clean up your act.

Whilst the threat continues to rear its ugly head, organisations who have a top-level commitment to security have the opportunity to stand out from the crowd. When security is done well, it enables better enterprise performance. Those who build the strongest foundations are not only in a better position to minimise risk, both reputational and financial, but also to drive tangible business value.