Digital Assets and Banking: Who Will be The Winners and Losers in the Knowledge Economy




David Rimmer from Leading Edge Forum looks at the role of digital assets in propelling banking into the knowledge economy.

In the knowledge economy, digital assets play a pivotal role. Information technology (IT) is both a significant intangible asset in its own right and the key connecter of other intangible assets. Inevitably, banks must build their strategies around digital assets, just as in the industrial age firms planned their business around machinery, factories and connections to transport networks. In developing strategies, banks will need to take into account the distinctive characteristics of intangible assets, such as scalability and synergies, and identify how to combine digital assets with other intangibles. Let’s take a closer look at the major digital assets which will drive bank revenue and profits.

Scalable digital operations


Intangible assets, such as data and algorithms, have the potential to scale but banks require a means to scale in practice through digital operations if they are to maximise this notional value. For FinTechs and challenger banks this is no problem. They are built digitally from the bottom up, which inevitably gives them scalable software-based operations, with tiny variable costs per transaction. Conversely, if incumbent banks are to compete in the long term, they need operations and IT systems that can scale to match ‘digital-native’ businesses which are digitised from front to back.

At present, most incumbent banks have digital transformation plans that move the bank forward one step at a time from where they are now. This is sensible and pragmatic, but banks will not be able to compete without a parallel strategy that starts from the destination, working backwards from what the bank’s cost structure needs to be. This will be nothing like where they are now, nor even where they expect to be after their current digital transformation plans. Transaction costs may need to be orders of magnitude lower. A vital consideration is that, owing to concentration effects, the number of banks that reach scale in any given market may be small.

There are four options for achieving scalable digital operations: greenfield, brownfield, insourcing / outsourcing and per-click operations.

Greenfield – The critical manoeuvre in this strategy is making the cut-over from old to new, i.e.: “How does the bank bring over legacy customers and data?”; and “How are existing brands and partner relationships leveraged?”. Otherwise, this strategy amounts to following the challengers two to three years after the fact, without leveraging the bank’s strengths in intangible assets.

Brownfield – Banks may decide that in some parts of their business they can come close enough to the goal of scalability through a brownfield approach based on simplifying and transforming their current IT. Here, automation across every function will be indispensable as, put simply, people don’t scale.

Outsource/ insource – Where the bank is not at scale, outsourcing to other service providers will be a compelling option, especially if a function offers little potential to differentiate in the eyes of the customer. Of course, the mirror image of this strategy is to insource additional volumes from outsourcing banks. 

Per-click operations – The final option for scalability involves accessing external services on a per-click model. This is how many digital businesses have managed to achieve global scale quickly. Uber’s rapid growth was possible because its operations are essentially just a bundling of services sourced from partners on a per-click basis. Partner APIs lie behind Uber’s geo-positioning, route calculation, maps, push notifications, payments and receipts. Banks can identify where banking functions and commodity services are available on a per-click basis and incorporate them within their digital operations.

Digital Platforms

The platform is rapidly becoming the dominant business model for the 21st century. This makes platforms fundamental to any intangible strategy. In addition to driving revenue in their own right, platforms draw in more customers, spin off more data and create new data interfaces – all intangible assets that can be leveraged in other areas.

Building platforms

A platform is essentially a multi-sided marketplace that connects parties on each side, with network effects creating a virtuous circle that attracts ever more producers and consumers to the platform. Banks can build platforms around areas of banking, such as trade finance, asset management and wealth management. Alternatively, banks can target platforms at particular customer segments, e.g. small businesses, millennials or high net-worth individuals. A further option is building a platform whose sole role is connectivity, with Bloomberg the poster-child. In any case, the starting point must be total clarity around customer jobs-to-be-done, say, exporting goods or saving for retirement, to use Clayton Christensen’s framework. Why would a customer come to the platform? What jobs do they want done? Equally, banks need to think through which partners are required and what is in it for them. A number of banks have embarked down the road of building platforms, but too many have viewed the platform as a vehicle simply for distributing existing bank products, as opposed to working back from customer jobs-to-be-done and the partners needed for those jobs.[i]

Tapping into external platforms and network effects

Not everyone can be a platform – by definition. Banks should, therefore, consider where it makes sense to adopt a contrarian ‘cheap and cheerful’ strategy of accessing the network effects of other platforms, i.e. ‘If you can’t beat them, join them’. As an example, 58 banks across Europe have decided to use Raisin as a distribution platform for savings products in order to access a larger network of customers than is possible via their own channels.

Strategies for the global platforms (GAFA and the Chinese platforms)

A further strategic dimension should be assessing opportunities and threats from the global platforms that have become such dominant features in our business landscape. The global platforms may act in the role of distribution channels, customers or competitors – or all three.

  • Competitors – In China, AliPay and WeChat have come to dominate certain financial services segments. In Europe, Amazon, Facebook and Google have registered as a third party to aggregate payment data and initiate payments under Payment Services Directive 2. As a result of these and other moves, banks need to identify where their business is vulnerable to the major platforms and develop defensive strategies.
  • Distribution channels and interfaces – Global platforms, such as Amazon, have become the high streets of today’s digital world and, consequently, it is essential for banks to have a strategy for distribution via these digital high streets. This strategy will need to include integration with platforms’ intelligent agents such as Siri and Alexa, which are likely to become the standard interface for accessing frequently-used digital services.
  • Customers – Banks should look out for revenue opportunities from providing financial services to the platforms themselves and to their customers. For example, Zopa, the UK peer-to-peer lender, has struck a deal with Uber to offer car loans to their drivers.


An algorithm is a set of rules for solving a problem in a finite number of steps. In some ways, the written operational procedures that banks depend on today can be regarded as algorithms because they similarly define a series of steps. Computerisation, however, has transformed the ability of banks to deploy algorithms. Computerised algorithms bring greater consistency in decisions, allow much larger volumes of data to be employed and increase the speed of decision-making.

Machine Learning (ML) and Artificial Intelligence (AI) bring a further step-change in the potential to apply algorithms. Whereas hitherto people programmed an algorithm’s rule-set, ML and AI models allow computers to derive their own rules and progressively improve decision-making. In future, all the decisions that are fundamental to banking – credit, risk, fraud and investment – will be made, or at least supported, by ML and AI models.

Monetisation of algorithms

Banks will want to capitalise on opportunities to monetise algorithms outside their own operations. After all, if you have a scalable asset why wouldn’t you want to market its use, generating not only added revenue but also harnessing more data to improve your algorithm? A case in point is Metro, the UK challenger bank, which has partnered with Zopa. Metro brings the customer deposits; Zopa brings the algorithms. Similarly, the AI-based lender, OakNorth, is commercialising its algorithms in countries outside its home UK market.

In order to develop and manage algorithms as a coherent set of corporate assets, a centre-of-excellence model stands out as an obvious approach, especially when it comes to ML and AI. The reasons for this are that: the state of the art is not yet mature; expertise is scarce; ML and AI are General Purpose Technologies (GPTs) with application across the whole bank; and multiple ML and AI models will draw on similar data. Critical too will be measures of model performance and their impact on cost, revenue and profit. These metrics will be prominent in the dials that executives monitor most closely in tracking and predicting bank performance.


Most banks have long-running data quality programmes, but compliance is typically their principal driver. Of course, compliance matters but the importance of algorithms means that banks should think about data first and foremost as a vital asset for revenue generation. In many respects, the data is more valuable than the algorithms. With data you can build algorithms, but algorithms without data are worthless. Google is happy to publish its algorithms because it is the only firm that has the data on customer search queries. Few banks can expect to succeed in the knowledge economy if they are not masters of their data.

Data Value = Data x Ability to Exploit Data

As with any asset, you first need to know what you have. Banks should build a map showing what data they hold and its business value (or potential value). I say ‘potential value’ because, as with many intangible assets, the value of data is not intrinsic; it depends on how / if it is brought into play, i.e. Data Value = Data x Ability to Exploit Data. For most incumbent banks there is a huge ‘data value gap’: the difference between what their data is worth at present and what it would be worth if it were classified, associated with other data and made accessible to those who need it in a timely manner.

Closing the data value gap

In large part, closing the ‘data value gap’ is a matter of improving data quality through traditional disciplines, such as data cleansing and applying meta-data. However, new factors are coming into play as banks extend their use of algorithms and harness new types of data such as unstructured data and ‘big data’ from outside the bank. As an example, for many ML and AI models, where data is stored and how is critical. In addition, as banks hold more and more data, the cost of data storage and management will become a significant concern. Likewise, because the value of much data ages fast – a breaking news story is worth infinitely more than yesterday’s news – access to data in real-time may be important, for example, via data streaming.

This is an area of rapid technology innovation where ‘received wisdom’ around how best to do things has yet to evolve. For most banks, unlike say manufacturing companies, the challenge is not the volume of data but its inter-relatedness and its timeliness. In the meantime, the challenge is keeping abreast with a flood of new technologies, understanding how and where they fit.

Data access and monetisation

Once data is classified and made accessible, i.e. turned into an asset, it can be monetised. Whereas traditional management information and business intelligence models involve ‘pushing’ data to consumers of information, maximising the value of data entails reversing the flow through a ‘pull’ model. ‘Self-service’ becomes the goal, where consumers of data are provided with data, metadata and a set of tools.

There will also be opportunities to monetise data outside the bank’s own operations, for example:

  • Data services – Banks can seek to provide data services, both in order to generate revenue and to increase stickiness. In personal banking, increasingly customers’ choice of a bank will be shaped by the tools it offers to analyse and advise on spending. For merchants, Wirecard, the German payments provider, has built a service on top of its ePOS solution, which takes merchants’ payment data and provides back to them a machine learning solution for analysing customer value and migration rates.[ii] Data integration is another strategy: Barclays’ DataServices transfer data on payments and cash balances directly into customer accounting systems.
  • Revenue from data sales – GDPR and other data regulations notwithstanding, banks will derive revenue from data sales. For example, companies such as Cardlytics provide targeted offers from retailers to bank customers who have opted to receive offers.
  • Data aggregation – As banks’ ability to derive value from data increases, they will be active in aggregating and acquiring additional data, through offering customers added-value services in return for permission to use and partnering with data vendors who hold complementary data sets where 1 + 1 = 3.

The sooner banks start down the road of thinking about their data as a vital corporate asset the better, because it is hard to make up lost ground. Firstly, resolving data management issues around years of complex inter-related data simply takes time. Secondly, developing algorithms – which is why you want the data – is a learning process that depends on iterations, so it too just takes time. Most banks require much more impetus here.

Digital assets that can be monetised in their own right

Having built digital assets to support their own business, banks may find opportunities to monetise digital assets in their own right.

In many cases, the opportunity to monetise digital assets will come through APIs. Capabilities that were developed as part of an overall bank process, such as providing account data or initiating a payment, may be commercialised as stand-alone services via an API. Partners will consume bank APIs on a per-click basis as part of their own distinct customer proposition. As more and more elements of the economy are digitised, there will be an increasing range of opportunities to embed payments and other banking functions within the operations of other sectors. Banks should consider monetisation of any functions that they have digitised to support their business – not just banking functions. For example, Know Your Customer (KYC) checks are needed in a range of sectors (accountancy, legal and real estate) as a precursor to doing business.


To succeed in the knowledge economy, banks will have to put digital assets at the centre of their strategies to drive revenue and profits. Thinking about scalable digital operations, platforms, data and algorithms as distinct assets will in itself mark a step-change – right now they barely feature, if at all, on bank balance sheets. Human capital and organisation capital – people, skills, roles, processes and governance – will all need to evolve in support. Moreover, as with chess pieces, banks will have to learn the moves that are possible with each digital asset and decide how to bring them into play alongside other intangible assets within an overall game strategy.

[i] A framework for brownfield firms to map out platform strategies and to anticipate the moves of digital-native competitors is detailed in Liberating Platform Organizations, by Bill Murray of the Leading Edge Forum

[ii] Digitise Now, Wirecard Annual Report, 2017


Will covid-19 end the dominance of the big four?




By Campbell Shaw, Head of Bank Partnerships, Cardlytics

Across the country, we are readjusting to refreshed restrictions on our daily lives, as we continue to navigate the seemingly unnavigable waters of the coronavirus pandemic.

For all of us, the pandemic has made life anything but ‘normal’, and with social distancing here to stay, it will remain so for a long time yet. These paradigm shifts have impacted every aspect of life, including how we bank.

Focus is already turning to the role the big banks are playing through the pandemic, with experts fearing the economic downturn will only cement the position of the ‘big four’ traditional players.

But has the pandemic shaken the dominance of the big banks? Or has it simply confirmed their position?

Turning to tech

There’s no doubt that the pandemic has caused the big players to be challenged like never before on tech.

The big banks are classically slower to adapt to developments in the market, but increased demand for online services and contactless payment systems has turbocharged their need to act like a challenger.

And they have, agilely adapting to this new normal by updating systems and services to ensure customers’ safety and financial security come first.

Scale is staying power

In these new times, the power and influence of the big players has also been proven.

The big four have provided the lion’s share of the government-backed loans designed to help small and medium-sized businesses through the pandemic. It has also been the big four offering the majority of payment holidays for customers on their mortgages, debt and credit cards.

However, it’s important to note that their power to retain customers goes much deeper than their market share.

Our switching study, which looked at the reasons behind customer switching, found that even before the pandemic, despite nearly half (48%) of UK adults admitting they know they aren’t getting the best deal with their current bank, half have never switched their current account.

That’s often because of the value they can provide to their customers, through personalized service, offers and rewards that keep customers engaged and invested in them. As brands increasingly look to

Focus on finances

As the world becomes a more financially insecure place, due to COVID-19, there’s been a marked shift towards more attention on finances, which has affected not only the business functions of banks but has impacted banking relationships with customers at their core.

From deals to savings, customers now more than ever are re-evaluating how they bank, and how they manage their money.

The impact on the big four is more pressure than ever to keep up with the best interest rates and deals. That can be difficult for a big, and often slower moving, organisation and could be a stumbling block for them in the months to come.

However, on the plus side, the big four can lean into their sophisticated loyalty schemes, using offers and deals from partner brands to demonstrate value to customers and build up their loyalty.

Engaging with purpose

The pandemic has seen many banks acting with a renewed sense of purpose. Banking has had to be more adaptable than ever before – fitting the needs of those who may be feeling financial stress or dealing with unprecedented challenges.

And showing a little heart can go a long way when it comes to increasing customer loyalty and boosting a bank’s reputation.

Over the last months, traditional banks have been quick to adapt their products and services, in response to the demands and challenges their customers have been facing.

No doubt, continuing to build more meaningful, supportive and engaging customer relationships, whether it is online or on the newly reopened high-street, will be critical to banks’ dominance as we look to the future.

Bring on the challengers

However, with their meteoric rise ahead of lockdown, we must keep an eye on the challengers, who still have the potential to knock traditional players off their pedestal.

We found that more than three million people in the UK opened a current account with a new bank last year. Our research found that traditional banks made up well over half (69%) of the accounts UK adults switched from, while newer digital challenger banks such as Monzo, Starling Bank and Revolut made up 25% of current accounts switched to. And these fast moving, fast growing challengers may see further growth if traditional banks are stifled by the declining high-street.

What’s more, the high street could yet prove to be the Achilles heel of the bigger players, as shifting budgets and increasing overheads in the context of a more online banking experience could see more big players struggle with their physical presence, making way for the digital challengers to thrive.

So, while the dominant players may have the lead, they should still keep an eye on the challengers as we look ahead to the next, uncertain, six months.


To take the nation’s financial pulse, we must go digital




By Pete Bulley, Director of Product, Aire

The last six months have brought the precarious financial situation of many millions across the world into sharper focus than ever before. But while the figures may be unprecedented, the underlying problem is not a new one – and it requires serious attention as well as action from lenders to solve it.

Research commissioned by Aire in February found that eight out of ten adults in the UK would be unable to cover essential monthly spending should their income drop by 20%. Since then, Covid-19 has increased the number without employment by 730,000 people between July and March, and saw 9.6 million furloughed as part of the job retention scheme.

The figures change daily but here are a few of the most significant: one in six mortgage holders had opted to take a payment holiday by June. Lenders had granted almost a million credit card payment deferrals, provided 686,500 payment holidays on personal loans, and offered 27 million interest-free overdrafts.

The pressure is growing for lenders and with no clear return to normal in sight, we are unfortunately likely to see levels of financial distress increase exponentially as we head into winter. Recent changes to the job retention scheme are signalling the start of the withdrawal of government support.

The challenge for lenders

Lenders have been embracing digital channels for years. However, we see it usually prioritised at acquisition, with customer management neglected in favour of getting new customers through the door. Once inside, even the most established of lenders are likely to fall back on manual processes when it comes to managing existing customers.

It’s different for fintechs. Unburdened by legacy systems, they’ve been able to begin with digital to offer a new generation of consumers better, more intuitive service. Most often this is digitised, mobile and seamless, and it’s spreading across sectors. While established banks and service providers are catching up — offering mobile payments and on-the-go access to accounts — this part of their service is still lagging. Nowhere is this felt harder than in customer management.

Time for a digital solution in customer management

With digital moving higher up the agenda for lenders as a result of the pandemic, many still haven’t got their customer support properly in place to meet demand. Manual outreach is still relied upon which is both heavy on resource and on time.

Lenders are also grappling with regulation. While many recognise the moral responsibility they have for their customers, they are still blind to the new tools available to help them act effectively and at scale.

In 2015, the FCA released its Fair Treatment of Customers regulations requiring that ‘consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale’.

But when the individual financial situation of customers is changing daily, never has this sentiment been more important (or more difficult) for lenders to adhere to. The problem is simple: the traditional credit scoring methods relied upon by lenders are no longer dynamic enough to spot sudden financial change.

The answer lies in better, and more scalable, personalised support. But to do this, lenders need rich, real-time insight so that they can act effectively, as the regulator demands. It needs to be done at scale and it needs to be done with the consumer experience in mind, with convenience and trust high on the agenda.

Placing the consumer at the heart of the response

To better understand a customer, inviting them into a branch or arranging a phone call may seem the most obvious solution. However, health concerns mean few people want to see their providers face-to-face, and fewer staff are in branches, not to mention the cost and time outlay by lenders this would require.

Call centres are not the answer either. Lack of trained capacity, cost and the perceived intrusiveness of calls are all barriers. We know from our own consumer research at Aire that customers are less likely to engage directly with their lenders on the phone when they feel payment demands will be made of them.

If lenders want reliable, actionable insight that serves both their needs and those of their customers, they need to look to digital.

Asking the person who knows best – the borrower

So if the opportunity lies in gathering information directly from the consumer – the solution rests with first-party data. The reasons we pioneer this approach at Aire are clear: firstly, it provides a truly holistic view of each customer to the lender, a richer picture that covers areas that traditional credit scoring often misses, including employment status and savings levels. Secondly, it offers consumers the opportunity to engage directly in the process, finally shifting the balance in credit scoring into the hands of the individual.

With the right product behind it, this can be achieved seamlessly and at scale by lenders. Pulse from Aire provides a link delivered by SMS or email to customers, encouraging them to engage with Aire’s Interactive Virtual Interview (IVI). The information gathered from the consumer is then validated by Aire to provide the genuinely holistic view of a consumer that lenders require, delivering insights that include risk of financial difficulty, validated disposable income and a measure of engagement.

No lengthy or intrusive phone calls. No manual outreach or large call centre requirements. And best of all, lenders can get started in just days and they save up to £60 a customer.

Too good to be true?

This still leaves questions. How can you trust data provided directly from consumers? What about AI bias – are the results fair? And can lenders and customers alike trust it?

To look at first-party misbehaviour or ‘gaming’, sophisticated machine-learning algorithms are used to validate responses for accuracy. Essentially, they measure responses against existing contextual data and check its plausibility.

Aire also looks at how the IVI process is completed. By looking at how people complete the interview, not just what they say, we can spot with a high degree of accuracy if people are trying to game the system.

AI bias – the system creating unfair outcomes – is tackled through governance and culture. In working towards our vision of a world where finance is truly free from bias or prejudice, we invest heavily in constructing the best model governance systems we can at Aire to ensure our models are analysed systematically before being put into use.

This process has undergone rigorous improvements to ensure our outputs are compliant by regulatory standards and also align with our own company principles on data and ethics.

That leaves the issue of encouraging consumers to be confident when speaking to financial institutions online. Part of the solution is developing a better customer experience. If the purpose of this digital engagement is to gather more information on a particular borrower, the route the borrower takes should be personal and reactive to the information they submit. The outcome and potential gain should be clear.

The right technology at the right time?

What is clear is that in Covid-19, and the resulting financial shockwaves, lenders face an unprecedented challenge in customer management. In innovative new data in the form of first-party data, harnessed ethically, they may just have an unprecedented solution.


The Future of Software Supply Chain Security: A focus on open source management




By Emile Monette, Director of Value Chain Security at Synopsys

Software Supply Chain Security: change is needed

Attacks on the Software Supply Chain (SSC) have increased exponentially, fueled at least in part by the widespread adoption of open source software, as well as organisations’ insufficient knowledge of their software content and resultant limited ability to conduct robust risk management. As a result, the SSC remains an inviting target for would-be attackers. It has become clear that changes in how we collectively secure our supply chains are required to raise the cost, and lower the impact, of attacks on the SSC.

A report by the Atlantic Council identified “115 instances, going back a decade, of publicly reported attacks on the SSC or disclosure of high-impact vulnerabilities likely to be exploited” in cyber-attacks carried out by affecting aspects of the SSC. The report highlights a number of alarming trends in the security of the SSC, including a rise in the hijacking of software updates, attacks by state actors, and open source compromises.

This article explores the use of open source software – a primary foundation of almost all modern software – due to its growing prominence, and more importantly, its associated security risks. Poorly managed open source software exposes the user to a number of security risks as it provides affordable vectors to potential attackers allowing them to launch attacks on a variety of entities—including governments, multinational corporations, and even the small to medium-sized companies that comprise the global technology supply chain, individual consumers, and every other user of technology.

The risks of open source software for supply chain security

The 2020 Open Source Security and Risk Analysis (OSSRA) report states that “If your organisation builds or simply uses software, you can assume that software will contain open source. Whether you are a member of an IT, development, operations, or security team, if you don’t have policies in place for identifying and patching known issues with the open source components you’re using, you’re not doing your job.”

Open source code now creates the basic infrastructure of most commercial software which supports enterprise systems and networks, thus providing the foundation of almost every software application used across all industries worldwide. Therefore, the need to identify, track and manage open source code components and libraries has risen tremendously.

License identification, patching vulnerabilities and introducing policies addressing outdated open source packages are now all crucial for responsible open source use. However, the use of open source software itself is not the issue. Because many software engineers ‘reuse’ code components when they are creating software (this is in fact a widely acknowledged best practice for software engineering), the risk of those components becoming out of date has grown. It is the use of unpatched and otherwise poorly managed open source software that is really what is putting organizations at risk.

Emile Monette

The 2020 OSSRA report also reveals a variety of worrying statistics regarding SSC security. For example, according to the report, it takes organisations an unacceptably long time to mitigate known vulnerabilities, with 2020 being the first year that the Heartbleed vulnerability was not found in any commercial software analyzed for the OSSRA report. This is six years after the first public disclosure of Heartbleed – plenty of time for even the least sophisticated attackers to take advantage of the known and publicly reported vulnerability.

The report also found that 91% of the investigated codebases contained components that were over four years out of date or had no developments made in the last two years, putting these components at a higher risk of vulnerabilities. Additionally, vulnerabilities found in the audited codebases had an average age of almost 4 ½ years, with 19% of vulnerabilities being over 10 years old, and the oldest vulnerability being a whopping 22 years old. Therefore, it is clear that open source users are not adequately defending themselves against open source enabled cyberattacks. This is especially concerning as 99% of the codebases analyzed in the OSSRA report contained open source software, with 75% of these containing at least one vulnerability, and 49% containing high-risk vulnerabilities.

Mitigating open source security risks

To mitigate security risks when using open source components, you must know what software you are using and which exploits target its vulnerabilities. One way to do this is to obtain a comprehensive bill of materials from your suppliers (also known as a “build list” or a “software bill of materials” or “SBOM”). Ideally, the SBOM should contain all the open source components, as well as the versions used, the download locations for all projects and dependencies, the libraries which the code calls to, and the libraries that those dependencies link to.
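The following added example (not part of the original article) checks a supplier's SBOM for the contents listed above: it walks the dependency graph from the application and reports components that lack a version or download location, or that are referenced but never listed. The field names, component names and URLs are constructed placeholders, not a standard SBOM schema.

```python
from collections import deque

# Fields every SBOM entry is expected to carry (names are assumptions).
REQUIRED_FIELDS = ("version", "download_location", "depends_on")

# Constructed sample data; component names and URLs are placeholders.
SAMPLE_SBOM = {
    "payments-app": {"version": "2.3.0",
                     "download_location": "https://example.invalid/payments-app",
                     "depends_on": ["web-framework", "tls-lib"]},
    "web-framework": {"version": "5.1.2",
                      "download_location": "https://example.invalid/web-framework",
                      "depends_on": ["json-parser", "tls-lib"]},
    "tls-lib": {"version": "1.0.1",
                "download_location": "",              # gap: no download location
                "depends_on": []},
    "json-parser": {"version": "0.9.0",
                    "download_location": "https://example.invalid/json-parser",
                    "depends_on": ["string-utils"]},  # gap: string-utils not listed
}


def audit_sbom(sbom, root):
    """Walk the dependency graph from root; return (reachable, gaps)."""
    reachable, gaps = [], []
    seen, queue = {root}, deque([root])
    while queue:
        name = queue.popleft()
        entry = sbom.get(name)
        if entry is None:
            gaps.append((name, "referenced but not listed in SBOM"))
            continue
        reachable.append(name)
        for field in REQUIRED_FIELDS:
            if field not in entry or entry[field] in ("", None):
                gaps.append((name, f"missing {field}"))
        for dep in entry.get("depends_on") or []:
            if dep not in seen:      # also guards against dependency cycles
                seen.add(dep)
                queue.append(dep)
    return reachable, gaps


if __name__ == "__main__":
    components, problems = audit_sbom(SAMPLE_SBOM, "payments-app")
    print("reachable:", components)
    for name, issue in problems:
        print(f"GAP {name}: {issue}")
```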

Creating and communicating policies

Modern applications contain an abundance of open source components with possible security, code quality and licensing issues. Over time, even the best of these open source components will age (and newly discovered vulnerabilities will be identified in the codebase), which will result in them at best losing intended functionality, and at worst exposing the user to cyber exploitation.

Organizations should ensure their policies address updating, licensing, vulnerability management and other risks that the use of open source can create. Clear policies governing the introduction and documentation of new open source components improve control over what enters the codebase and help ensure that it complies with those policies.

Prioritizing open source security efforts

Organisations should prioritise open source vulnerability mitigation efforts in relation to CVSS (Common Vulnerability Scoring System) scores and CWE (Common Weakness Enumeration) information, along with information about the availability of exploits, paying careful attention to the full life cycle of the open source component, instead of only focusing on what happens on “day zero.” Patch priorities should also be in line with the business importance of the asset patched, the risk of exploitation and the criticality of the asset. Similarly, organizations must consider using sources outside of the CVSS and CWE information, many of which provide early notification of vulnerabilities, and in particular, choosing one that delivers technical details, upgrade and patch guidance, as well as security insights. Lastly, it is important for organisations to monitor for new threats for the entire time their applications remain in service.
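One way to turn these criteria into a patch queue, shown as an added example that is not part of the original article: each finding is ranked by CVSS score, exploit availability and asset criticality, and an early advisory with no published CVSS score gets a conservative stand-in rather than falling to the bottom. The weights, the stand-in score and the sample findings are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed weights for illustration; tune them to your own policy.
CRITICALITY_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 1.5}
EXPLOIT_MULTIPLIER = 1.5
UNSCORED_CVSS = 7.0   # conservative stand-in when no CVSS score is published yet


@dataclass
class Finding:
    component: str
    vuln_id: str               # placeholder identifiers, not real CVEs
    cvss: Optional[float]      # None = early advisory without a score
    exploit_public: bool
    asset_criticality: str     # "low" | "medium" | "high"


def priority(f: Finding) -> float:
    """Combine severity, asset criticality and exploit availability."""
    base = UNSCORED_CVSS if f.cvss is None else f.cvss
    score = base * CRITICALITY_WEIGHT[f.asset_criticality]
    if f.exploit_public:
        score *= EXPLOIT_MULTIPLIER
    return round(score, 2)


def rank(findings):
    # Highest priority first; vuln_id breaks ties so the order is stable.
    return sorted(findings, key=lambda f: (-priority(f), f.vuln_id))


# Constructed sample findings.
SAMPLE = [
    Finding("image-lib", "VULN-A", 9.8, False, "low"),
    Finding("tls-lib", "VULN-B", 7.5, True, "high"),
    Finding("json-parser", "VULN-C", None, True, "medium"),
    Finding("log-lib", "VULN-D", 5.3, False, "medium"),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{priority(f):6.2f}  {f.vuln_id}  {f.component}")
```

In the sample, the CVSS 9.8 finding on a low-criticality asset ranks last, behind a 7.5 finding with a public exploit on a high-criticality asset.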
