By Colin Williams, Chief Technologist, Networking and Security, Computacenter
As anyone working in the financial services sector will know, customer demographics are changing and with that, there’s a complex set of expectations and indeed demands for digital services emerging that allow greater flexibility in accessing accounts, services and information. Where retail and other service sectors have long embraced digital channels in their customer relations both to attract and retain new business, banks and other financial businesses have been slow to adopt modern platforms, and most would admit that this is largely due to concerns about security.
However, just as IT and Digital Transformation have proven to be instrumental in establishing a competitive advantage in the enterprise market – financial organisations are beginning to realise that they are not exempt from the digital revolution. Rising demand for omni-channel approaches and optimal digital experiences across the financial services sector are driving adoption of modern technologies. Whilst this will allow for greater accessibility, agility, scalability and ultimately customer satisfaction – realising greater performance across the business –it will also introduce some significant security challenges.
For financial business leaders therefore, it’s important to understand that cyber-security is now a key business enabler, rather than simply a part of the overall IT strategy.
The nature of the beast
The proliferation of modern connected technologies has made cyber-security a complex and admittedly, daunting prospect for business leaders and in just under 20 years, the finance industry has transitioned from brick and mortar fortresses to virtual vaults. In the old world, short of physically robbing a bank, criminals had few choices in terms of theft and leveraging ransoms.Today, however, thieves can theoretically empty a vault from the comfort of their armchair, at much lower risk.
The threat is exacerbated by the fact that direct theft and ransom demands are no longer the only, or even greatest concern for financial organisations.With increasing regulations, banks and financial service businesses cannot afford to be lax on security, as hacks or data leaks could cost them dearly in immediate fines and the loss of customer confidence.
The introduction of GDPR and MiFID II has provided additional incentives for financial services to secure their networks and avoid hefty fines. However, with so many new requirements, the complexity around compliance can result in enterprises investing in solutions which may seem interesting on the surface, but don’t adequately meet security needs or enable the business to harness the full power of their digital footprint.
Keep it simple and secure
To successfully navigate the complexity of the environment,whilst ensuring effective protection for the whole IT ecosystem, financial businesses should consider the five key infrastructure areas involved in cyber-security and digital trust:
- Endpoint Options – Modern financial services businesses rely upon a wide variety of device endpoints to ensure that they deliver the best quality services to customers and as these touch points increase, the attack surface of the organisation grows. To achieve optimal security, businesses require consistent, cost-effective and compliant solutions that can detect vulnerabilities and defend against known and emerging attacks, whilst providing a flexible, multi-layered approach that empowers users to work and collaborate effectively, thereby driving productivity.
- Infrastructure Security – Today’s businesses often rely on complex hybrid IT infrastructures that offer enhanced operational capabilities,but can expose an increased level of vulnerability. By transforming existing infrastructures, optimising security platforms and implementing dynamic and intelligent defences, it’s possible to mobilise the workforce and wider digitisation of the business whilst maintaining effective infrastructure security. For those businesses without the capabilities to manage IT security in-house, managed services can offer an alternative operational approach, whilst effectively safeguarding business continuity and compliance to reassure customers that their data is in safe hands.
- Cyber-Security – The current threat landscape has evolved beyond reactive protection and today’s businesses require proactive security solutions that identify and close the gaps that expose the business and its users to risk. By taking a holistic view of the IT ecosystem and applying comprehensive security measures covering the network, the data center and the cloud, it’s possible to safeguard critical infrastructures to ensure maximum uptime. With proactive artificial intelligence (AI) and machine learning (ML) cyber-threat platforms,financial services providers can achieve protection through actionable intelligence, thereby staying one step ahead of known and even emerging threats. In a saturated cyber-security solutions market, IT leaders can draw on the experience of trusted security partners to reduce the time and complexity associated with planning and implementation,whilst remaining confident that their solutions are effective and tailored to the needs of their business.
- Information Protection–In light of GDPR, security policy around data governance is now of primary importance to all businesses, not least financial organisations. Whether standalone or as part of a managed services contract, Information Security Management Services must be led by a business-driven information security policy that is aligned with industry best practice and covers all vendors and operational outcomes – from the data center, to the internal network, and then on into the cloud. Businesses can also realise benefits from automation to simplify and streamline compliance to ensure adherence to international information security regulations whilst simplifying implementation and ongoing management.
- Identity and access management (IAM) – With more device endpoints and increasing evidence[i] that attackers are opting for user-targeted attack vectors, IAM has never been more important in mitigating cyber-attacks. From single sign-on and federated identities, to multi-factor authentication, least privilege and public key infrastructures, it’s imperative that only authorised users can access corporate data, wherever it’s stored. Critically, IAMs don’t just safeguard the user; they safeguard the entire business.With user group identification assessments to facilitate policy matching and simplified administration of user identities with effective password management, directory services and process automation, financial services businesses can be confident that user-related vulnerabilities are kept to an absolute minimum.
Security as a strategic business enabler
In an increasingly digitised society, the allure of new technologies will prove impossible to resist for financial organisations, as they attempt to establish competitive differentiation and attract more customers. As IT footprints continue to grow in size and importance, cyber-crime will be the number one threat to businesses, and will only become more prominent as hackers develop new tools and approaches to achieve their goals.
In a complex and increasingly dangerous online environment, organisations need simple and effective strategies to protect their IT ecosystems and customer data.This is a multi-faceted process, which requires both modern security technologies capable of attack prevention, and active threat identification and management,as well as the promotion of best practice amongst employees and customers and effective planning in the case of a successful attack.
The five key areas of IT security infrastructure provide financial organisations with a simple framework that can help them to maintain compliant infrastructures, which protect their key assets and minimise vulnerabilities across the business. In addition, by recognising this framework as a business enabler – unlocking greater agility and productivity whilst delivering a whole new experience to customers –they can realise more effective strategies for driving growth and increased trust amongst new and existing customers.