By Keith Saxton, Independent Director and Advisor, Chairman of TechUK Financial Services Council
Cyber security is a huge threat for organisations as the world continues to digitise. How they protect their valuable data and keep innovative hackers out is directly linked to reputational risk. However, if organisations don’t already have their software infrastructure in the best possible shape, how will they be able to deal with the growing cyber threat? Put simply, cyber security is yet another business challenge, but perhaps one that finally galvanises organisations into addressing their technology infrastructure headaches.
Failing to address software quality from the very start, at the structural level, puts businesses on the back foot. Strengthening at the roots is the most effective way to truly combat cyber threats. Difficult though it may be, system-level performance in general is what needs to be addressed. It’s time for organisations to up their game. The Financial Services industry is a connected one, and governments and regulators are starting to apply more pressure on Financial organisations to secure their systems, to protect the entire network.
System-level software quality plays a huge part in the overall cyber performance of an organisation. The impact of weak software systems can be severe. Take the SWIFT banking debacle for example, as a lesson on how not to get it right. Even if the Bangladesh Bank, the first to be hacked, had implemented better security procedures. It is building more robust structural software, rather than relying on network security products, that results in more secure and functional systems.
Organisations need to be aware that firewalls, antivirus and anti-fraud software are not enough to fully protect themselves in the age of ingenious cyber criminals. They offer a barrier, but not an unbreachable one. The complex hacks of today are easily capable of infiltrating multiple security components. Complete, comprehensive security starts with good structural code foundations.
The Financial Services industry looks set to continue being an appealing target for hackers. Financial organisations hold sensitive information, both personal and financial, so any openings or gaps in security are likely to be fully exploited by hackers.
Software created with strong, fundamental architectural designs performs best. When there is an emphasis on core health factors such as reliability, functionality, robustness and security combined, it becomes a much harder job for hackers to find cracks in the foundation. Software design that doesn’t follow best practices, such as those detailed by CISQ (the Consortium for IT Software Quality), results in vulnerabilities, especially in complex legacy systems, offering an easy passage for entry into the network.
Building structural code meeting industry standards, with security designed and built into every stage of the application as it is coded, ensures reliable, secure and resilient IT performance. It is also important to assume that all new applications have encryption. Whether outsourced or coded internally, failing to do this will result in insecure applications. When outsourced, it is vital the quality of coding is not ‘lost in translation’. Despite this, the most recent Financial Services CRASH Report from CAST reveals outsourced applications are actually sometimes more secure.
Financial organisations looking to avoid suffering cyber-attack damage and reputational risk must not let weak structural code quality and overlooked vulnerabilities affect their bottom line. The future looks better as tougher cyber regulations are set to be imposed and attitudes towards protecting systems seem to be changing. Given the consequences of successful cyber-attacks, it’s not a surprise leading banks are suggesting joining forces to combat the threats with global cyber security standards, which would spell the end of the ‘blame game’. If an organisation gets compromised, the responsibility will lie solely with them. The message is clear: clean up your act.
Whilst the threat continues to rear its ugly head, organisations who have a top-level commitment to security have the opportunity to stand out from the crowd. When security is done well, it enables better enterprise performance. Those who build the strongest foundations are not only in a better position to minimise risk, both reputational and financial, but also to drive tangible business value.