Connect with us

Technology

What does 2020 hold for financial services cybersecurity?

Published

on

What does 2020 hold for financial services cybersecurity?

By Caroline Paddle, director, Skybox Security 

The cyber threat to financial institutions is growing at a staggering rate. The Financial Conduct Authority recently reported that British financial services companies saw a fivefold rise in data breaches in 2018 compared with the year prior. As the number of threats continues to increase, a stark reality is setting in for a number of financial institutions (FIs): if they’re currently not confident in their ability to manage their current threat level, they might soon find themselves staring over the cliff face.

The story of cybersecurity within the financial services industry for 2020 will be one of FIs placing greater scrutiny on their existing security environments, reigning in their focus to ensure that they have the strongest foundations to help them weather the ensuing storm.

Security of third-party environments will be tightened

Caroline Paddle

Caroline Paddle

Monitoring third parties’ cybersecurity is a growing concern for banks, one echoed in a stark warning given earlier in 2019by Paul Williams, senior technical advisor of operational risk and resilience at the Bank of England (BoE). Of course, it’s only logical that if a bank doesn’t have full visibility of all itsnetwork entrance and exit points, they are putting their entire infrastructure at huge risk. Third parties are already dividing banks’ security environments, and this isn’t likely to end soon.

The mounting pressure on FIs to achieve a complete understanding of their vast network infrastructure, and to secure their increasing portfolio of third-party environments, needs to at least be somewhat resolved in 2020. To deal with this issue, it’s necessary for FIs to meticulously investigate their APIs and consolidate their security architectures so they have an improved awareness of the risks that face their business.

Cloud misconfiguration will cause confusion

Banks have welcomed cloud technologies with open arms. Cloud as a platform is now being usedto cope with the surge in big data, improve operational efficiency and develop banking platforms. FIs are especially interested in how rapidly cloud services can be integrated alongside existing operations.

However, as banks try to roll out cloud services as quickly as possible, security is being deprioritised to spin up new IaaS cloud environments as quickly as possible. This has resulted in fresh risks being created through access point misconfiguration. If FIs don’t make sure that security underpins all cloud initiatives, it’s likely that the propagation of these types of risks is only going to increase next year.

As cloud is a comparatively new tech, banks are still grappling with how to achieve complete network visibility and comply with necessary security standards. Confusion around how to secure cloud is no excuse, however, for deploying insecure cloud services. FI security teams need to work with DevOps to establish a better way of working that eliminates the possibility for misconfiguration, and they need to do so quickly: the number of vulnerabilities reported which affect cloud IaaS is likely to increase by 50 percent over 2018 figures by the end of 2019 according to Skybox Security’s 2019 Cloud Trends Report. To manage emerging cloud risks in 2020,we are going to see financial organisations pigeonholed into a position where they have to bolster their network audits and tidy up their firewalls.

Tech debts are dealt with

Financial organisations are constantly being held back by their often-archaic legacy technology. One sector that will be especially vulnerable in 2020 is the ATM industry. This is because a bulk of their operating systems rely on Windows 7,an operating system that will no longer be supported by Microsoft from January 14th.

To move forward with their digital transformation plans, banks have to continue to deploy new controls on top of their old systems. For security teams to cope with the increasing complexity of their aging infrastructure, they must endeavour to embed security within their transformational plans. It’s imperative they look at how they protect their existing environment whilst simultaneously bolstering their security measures.

Processes and people play a part

Banks aren’t immune to the ongoing cybersecurity skills crisis. But as they fight to keep members of their security team on board, there is an absence of staff to keep on top of basic tasks such as vulnerability patching. Despite endeavours to use technology to more effectively manage these tasks, there is still a surprising over-reliance on manual processes throughout the sector.

Throughout 2020, FIs will need to find fresh means of utilising their existing resource more successfully. This can be achieved through readjusting workloads based on detailed threat intelligence, automating more processes and with greater frequency, consolidating activities, combatting organisational silos, or a combination of these tactics.

Ransomware rises again

The propagation of cryptominers was a primary concern for many FIs at the beginning of 2019. But as cryptocurrency has declined in value, so too has the popularity of mining malware. Criminals are profit-driven, and the most profitable tactics for them now are their old favourites: botnets and ransomware.

In response to this threat, banks must prioritise operational resiliency. Right now, many organisations are encumbered by a bloated collection of point products. To increase efficiency and better deal with the changing threat landscape,many are seeking to consolidate their cybersecurity solutions in 2020. To tackle the imposing threat of botnets, systems should be amalgamated,and data normalised to form an intelligence-driven understanding of the complete network. To spot these attacks and remediate their most exposed vulnerabilities, banks needto have this insight.

2020 isn’t going to be easy for CISOs operating in the financial services sector. Only time will tell if the sheer volume of threats and attacks knocking at their door gets too much to handle. As talent remains scarce and threats multiply, banks must be sure to invest in the technology that can keep them abreast of the most critical security issues facing their organisation.

Technology

Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution

Published

on

Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution 1

SunTec’s GCC VAT compliance solution to help Ahli Bank automate end-to-end VAT compliance process, manage regulatory changes, and seamlessly integrate it with the existing IT ecosystem

SunTec, the world’s #1 relationship-based pricing and billing company and the provider of #1 GST and VAT compliance solution for Banks and Financial Services in GCC and India, has partnered with Ahli Bank, Oman, to provide its GCC VAT compliance solution.

The win is a landmark one for SunTec as it marks the 50th customer for its indirect taxation solution. SunTec has garnered 24 customers in India and this is the 26th customer in the Middle East to acquire the solution.

VAT is likely to be introduced in Oman in early 2021 and Ahli Bank has taken the proactive step of adopting a VAT compliance solution to ensure operational efficiency, enhance revenue, and augment customer experience.

Amit Dua, President – Client Facing Groups, SunTec, said, “We are delighted to partner with Ahli Bank, Oman in what marks a historic win, in their journey to ensure VAT compliance. We understand that the VAT landscape is evolving within the GCC, and therefore, our solution offers agility to respond to these changing regulatory requirements. With the Xelerate platform and GCC VAT compliance solution, Ahli Bank can digitize the entire VAT compliance process and comply with least number of changes to their existing technology infrastructure.”

He added, “VAT is a crucial step that the GCC countries have taken to implement tax regimes. It is imperative for banks and financial institutions to have a robust and scalable solution to accommodate their specific needs. Ahli Bank joins the list of more than 20 banks who have adopted our GCC VAT Compliance solution.  I’m proud to say that approximately 3 billion transactions per annum are processed through our GCC VAT/ GST compliance solution across our client base.”

Said Abdullah Al Hatmi, CEO at Ahli Bank, added: “It is extremely crucial for us to be ready for VAT compliance. We are very happy to partner with SunTec to deploy GCC VAT compliance solution. With SunTec we will have a single solution in place covering all aspects of VAT compliance and we will be future-proofed given that any future regulatory changes will be handled by the solution with ease.”

SunTec’s GCC VAT compliance solution based on the Xelerate platform will enable the bank to smoothly comply with GCC VAT regulations and manage potential regulatory changes with ease. The single end-to-end solution helps automate the entire VAT compliance process including centralized rule-based tax determination, input tax recovery, tax invoice, reconciliation, corrections, adjustments, statements, and regulatory reporting.

SunTec GCC VAT Compliance solution is architected to meet the unique needs of banks and financial services firms and can easily integrate with existing IT systems. The solution is designed to process all taxable transactions across business lines and applications, reduce cost of compliance, mitigate potential risk of compliance violations, penalties, and reputational risk.

Continue Reading

Technology

Securing Digital Transformation in Financial Services

Published

on

Securing Digital Transformation in Financial Services 2

By Bindu Sundaresan, Director, AT&T Cybersecurity

In the last year, financial services organizations have been pushed to speed up their digitization strategies faster than they could have ever anticipated. The COVID pandemic has closed the doors of many physical banks, forced them to move many interactions with customers to digital and introduce new measures so employees can carry out their jobs from home.

The uptake of digital banking has been immense with a recent report from World Retail Banking revealing that 57 percent of consumers prefer internet banking in the Covid-19 era. Today, connected consumers expect near-real-time online transactions at their own convenience, 24X7, and they expect banks, credit card providers, and stockbrokers to provide uninterrupted web services wherever they are in the world.

However, while this digitization has enabled banks to fully serve their customers during the pandemic, it has raised the security stakes considerably.

All around the world, while financial services organizations are adapting and taking advantage of digital technology to make consumer banking and payments safer, faster and more convenient, cyber criminals have been looking at ways to exploit these new initiatives.

What are the best ways financial organizations can embrace digital transformation, without compromising on security?

Embracing Digital Transformation Security

Financial institutions have long been a top target for cyber criminals and as these organizations broaden their digital footprint, their risk profiles change, and their attack surface widens.

In fact, a recent report from AT&T Business revealed that many organizations have noted an increase in malicious activity and cyber-related fraud against themselves and their customers, since the coronavirus pandemic struck. The attacks on institutions are typically happening through malware or social engineering campaigns, while customers are especially vulnerable to phishing with cyber criminals sending out fake COVID-related emails disguised as if coming from banks.

To help understand and manage these risks, financial organizations need to be proactive with their cybersecurity. One of the most important steps they can take is embedding security into new services from the very beginning. This will enable business leaders to make informed decisions, allocate resources efficiently, and understand the value of systems and information.

Banks and other financial institutions handle some of the most sensitive information for their customers and business – Personally Identifiable Information (PII), credit card numbers, and account information. However, as access points to reach this information increases, security should be embedded into systems earlier in the development process. To help achieve this, security teams need to work more closely with developer teams at the beginning of development stages when new technology is being introduced, rather than security being bolted on at the end, which is something that has traditionally happened.

Building a security-conscious culture is also essential, particularly as employees today are more frequently working from home. Employees need to be educated about the most current fraud and phishing scams and how to avoid them. They should be instructed to access sensitive data from a secure network, using their company device, and through the prescribed channels—not by clicking a link in a newly received e-mail. Employees should not open unexpected e-mail attachments and should report suspicious e-mails to the company’s IT department.

Bindu Sundaresan

Bindu Sundaresan

Since external IT services are ubiquitous in today’s business environment, it is imperative that as financial services organizations assess technology providers to provide that  these services do not pose an immediate impact, while also strategizing how best to fortify resilience against third-party challenges. Many third-party services are critical to an organization’s success, including technical support, cloud-based financial applications, security monitoring, email and data backup solutions. Vendor management is a complex and time-intensive task which many organizations do not, and in many cases, cannot dedicate the time and resources to managing. For companies with a small number of vendors, this can be manageable, but most organizations will need additional support to create and implement these programs effectively. By dedicating resources to developing a program, organizations can begin to understand and eliminate the threats posed by third parties.

Financial institutions should also consider implementing a Zero-Trust approach within their security strategy. Zero Trust is a cybersecurity model with a tenet that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone— including users, devices, endpoints —must be properly verified before access to the network is allowed. The protocols for a Zero Trust network outline specific rules in place to govern the amount of access granted to users, based upon the type of user, their location, and how they are accessing the network. If the security status of any connecting endpoint or user cannot be resolved, the Zero Trust network will deny the connection by default.

Conclusion

Since the beginning of the pandemic, financial organizations have been forced to change the way they operate. Employees are now working more frequently from home and many banking services can now be done online. While these steps have been vital to keep the finance industry moving during the pandemic, they have introduced new security challenges.

As these organizations embrace digital transformation and are shifting to the cloud, simplifying technology infrastructure and outsourcing workloads to third parties, they are also expanding their cyber risk. Cyber has become more prolific across systems, platforms, and people — employees, customers, and partners — and enterprise leadership must correlate all of this to stay ahead of the adversary and help  protect the organization’s most valuable assets.

Financial institutions therefore must be increasingly vigilant, and increasingly well-equipped technologically, to protect themselves from sophisticated attacks. In this way, digital transformation becomes both a critical contributing factor in the problem of growing cyber risks today—and a critical resource for solving it.

Continue Reading

Technology

Using technology to optimise your finance  

Published

on

Using technology to optimise your finance   3

By Mark Pullen, CEO, Xledger

Covid-19 restrictions and ongoing uncertainty have prompted a fundamental switch in mindset across a multitude of different sectors. Many organisations have begun to recognise that outsourcing their finance can make them more agile and give them the competitive edge they need to compete and scale effectively in today’s market.

Solving the pain points 

Inefficient processes are prone to causing delays and errors which can have a huge impact on the bottom line when viewed at scale. They can also negatively impact the client experience, causing frustration with missed deadlines and mounting uncompleted tasks.

New finance technology is automating many of the daily, monotonous back office functions such as bank reconciliation and invoice entry, meaning that the nature of the work that a finance professional provides will change. This presents a huge opportunity as it gives these employees the opportunity to be involved in higher-level work. Technology can also provide a resource that gives real time insight, allowing for better strategic decision making, which is so key in the current climate.

Optimising your finance function  

Outsourcing high-value services within the finance function can improve workflow by implementing a defined and transparent process which streamlines operations. For a finance department, this can speed up areas that require internal controls such as expense reporting and cash release, but it can also speed up the full lifecycle of a project; from time tracking and resource to accounting and billing.

There is also a cost efficiency benefit when outsourcing, as management bandwidth is effectively increased by eliminating the need to be involved in many of the day to day processes. Instead this time can be focused on other business priorities and planning for future growth.

Outsourcing accounting functions to bespoke and standardised technologies means using data led processes that can be measured, optimised and benchmarked against in-house requirements. These processes can also be undertaken remotely, boosting the resilience of your business in these uncertain times.

Case study box-out: RPC Tyche 

Mark Pullen

Mark Pullen

RPC Tyche is a global insurance software supplier with offices in London, Paris, and the USA. Initially a division of award-winning law firm RPC, but now a stand-alone entity, RPC Tyche’s main software offerings support capital modelling, and pricing commercial insurance and reinsurance.

The challenge 

As part of a restructuring process following the de-coupling with the law firm RPC, RPC Tyche had to separate its back-office processes. They remained under the umbrella of the law firm while the changes were taking place, so initially had some flexibility with the shared finance system, but time was running out to separate the two entities cleanly. As a stand-alone company, RPC Tyche now needed its own financial system; one that could align with its new business processes and that could be implemented quickly to deliver the organisation’s business objectives. Furthermore, they needed a new finance solution that could help them grow exponentially, facilitate a globally diverse group structure, and still maintain efficiency when operating as a small team.

Gavin Dilley, Chief Finance Officer for RPC Tyche commented, “Following an initial discussion with a third-party advisor regarding Xero and Quickbooks, we were recommended Xledger because we required a swift and scalable solution. After contacting Xledger, their tried and tested implementation methodology ultimately assured us that we would achieve the fast-paced implementation needed for our go-live objective. We also really liked that Xledger was a multi-tenanted, true cloud solution with its scalability setting it apart from the competitors.”

Implementation and training 

Following conversations with Xledger, RPC Tyche created a project management team to keep everything on track on their side, an arrangement that Gavin emphasised “worked really well.” He said that “as a small project team, the flexibility to undergo substantial configuration during the training sessions with the Xledger consultants brought focus and enabled us to dedicate sufficient time to the system without distractions.”

Although the implementation was expected to take three months, RPC Tyche experienced hold-ups owing to the separating of back-office processes, so they were pleased when it was mutually agreed to facilitate a one-month delay.

Post-implementation results 

“The implementation process was highly effective, and we’re very happy with the results,” said Gavin. “Since implementing the Xledger solution, we’ve been so pleased we haven’t had to dip back into the old system as the transfer of historic data has been particularly successful.” RPC Tyche had a large volume of historic data and transactions, including timesheets and work in progress reports that were all successfully migrated to Xledger during implementation. “We’re particularly happy with how easy it has been to onboard our new Finance Controller, due to flexible training and the system being so intuitive.”

Gavin added, “Since implementing Xledger, we have far greater reporting flexibility, better distribution of skills within the finance team and are naturally more self-sufficient because we can make amendments to the system without relying on the software provider.

The system is easy to use, and the purchase order functionalities, integrated workflows and automation of processes have enabled us to be highly efficient, even as a small finance team. Not to mention that the Xledger support team are incredibly responsive, so we can continually maintain productivity.”

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

SH Capital Ltd launches in Dubai to support SMEs with global banking services 4 SH Capital Ltd launches in Dubai to support SMEs with global banking services 5
Finance7 hours ago

SH Capital Ltd launches in Dubai to support SMEs with global banking services

Fintech provider to reconnect businesses with international banking services, digital treasury management solutions, risk management and cash investment products A...

Why CMOs Should Care About Customer IAM 6 Why CMOs Should Care About Customer IAM 7
Business8 hours ago

Why CMOs Should Care About Customer IAM

By Darshana Gunawardana, Associate Director/Architect at WSO2 The surge to move online in 2020, in turn, has driven demand for...

Volkswagen faces EU fine for missing 2020 emissions targets 8 Volkswagen faces EU fine for missing 2020 emissions targets 9
Business9 hours ago

Volkswagen faces EU fine for missing 2020 emissions targets

BERLIN (Reuters) – Volkswagen faces a fine of more than 100 million euros ($121 million) for missing EU targets on...

Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution 10 Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution 11
Technology9 hours ago

Ahli Bank, Oman, is SunTec’s 50th customer for its Indirect Taxation Solution

SunTec’s GCC VAT compliance solution to help Ahli Bank automate end-to-end VAT compliance process, manage regulatory changes, and seamlessly integrate...

Oil dips after unexpected rise in U.S. crude stocks 12 Oil dips after unexpected rise in U.S. crude stocks 13
Business9 hours ago

Oil dips after unexpected rise in U.S. crude stocks

By Ahmad Ghaddar LONDON (Reuters) – Oil slipped on Thursday after industry data showed a surprise increase in U.S. crude...

UK factories see big drop in output ahead, supply problems too 14 UK factories see big drop in output ahead, supply problems too 15
Business10 hours ago

UK factories see big drop in output ahead, supply problems too

LONDON (Reuters) – British manufacturers expect a sharp fall in output in the three months ahead and there were widespread...

Britain's EG Group appoints Rose as non-executive chairman 16 Britain's EG Group appoints Rose as non-executive chairman 17
Business11 hours ago

Britain’s EG Group appoints Rose as non-executive chairman

LONDON (Reuters) – British convenience store and fuel retailer EG Group said on Thursday it had appointed Ocado Chairman Stuart...

Bitcoin slumps 10% as pullback from record continues 18 Bitcoin slumps 10% as pullback from record continues 19
Investing11 hours ago

Bitcoin slumps 10% as pullback from record continues

LONDON (Reuters) – Bitcoin slumped 10% on Thursday to a 10-day low of $31,977 as the world’s most popular cryptocurrency...

European firms improve diversity scores in pandemic year, study finds 20 European firms improve diversity scores in pandemic year, study finds 21
Business11 hours ago

European firms improve diversity scores in pandemic year, study finds

By Aida Pelaez-Fernandez (Reuters) – The number of major European companies with high participation of women in leadership positions has...

Bank of Japan lifts next year's growth forecast, saves ammunition as virus risks linger 22 Bank of Japan lifts next year's growth forecast, saves ammunition as virus risks linger 23
Banking11 hours ago

Bank of Japan lifts next year’s growth forecast, saves ammunition as virus risks linger

By Leika Kihara and Tetsushi Kajimoto TOKYO (Reuters) – The Bank of Japan kept monetary policy steady on Thursday and...

Newsletters with Secrets & Analysis. Subscribe Now