What happens next – how to fix IT in banking in 2019

By Alex Fagioli, CEO of Tectrade

So, the FCA has spoken and it’s now official: banks in the UK are under-equipped with the tools or knowledge to deal with the cyber risks they face. Of course, this is no news to us, or to anyone who has been paying attention to the headlines over the past year. 2018 was dominated by stories of cyber security failings, whether alleged Russian political hacking or a Facebook data leak that left the photos of 6.8 million users exposed. The finance and banking sector was no different, with TSB’s cyber meltdown leaving users unable to access their accounts for up to a month and 1,300 accounts hit by fraud. To put a bow on the entire year, the FCA has plainly stated that it is “deeply concerned” about the under-preparedness of banks and that their board members “have limited familiarity with the specific cyber risks their organisations face”. But while it might be a cathartic exercise to point the finger at ignorant board members and bemoan the lack of IT infrastructural integrity at financial institutions, what we need to do now is come up with solutions.

For starters, banks need to invest more, not less, in cybersecurity and day-to-day IT operations. Cutbacks are understandable as organisations look to maximise profits, but the fact that Lloyds made nearly 100 CIOs redundant earlier in 2018, when it suffered 19 outages between May and June, indicates that this is not an area that should be neglected. Before looking to do anything to infrastructure, banks should ensure that they have the personnel on board to maximise their cybersecurity efforts.

From that point, banks can audit their infrastructure. How up to date are the systems? How are storage and data backups being handled? What is the disaster recovery strategy? That last point is particularly important, as we are consistently surprised by just how few organisations actually stress test, in a controlled environment, how their systems handle outages. Administrators cannot fully understand the systems they are responsible for without testing them in a controlled and simulated environment. In the same way that you don’t want to discover you have a faulty fire alarm when you most need it, banks can quite easily carry out a ‘cyber MOT’ in order to keep systems in check and give IT teams a full working knowledge of any potential issues.

At board level, there is evidently a disparity between executives and those on the ‘front lines’ of dealing with cybersecurity. A senior regulator at the FCA has accused such firms of being ‘overly confident’ and, as the old saying goes, the fish rots from the head down. By contrast, the people who deal with cybersecurity on a daily basis are well aware of the issues facing the sector: rapidly advancing threats and infrastructure that is not equipped to keep up with that rate of development. Employing a greater number of board members with this level of expertise would not halt cyberattacks, but would help to put banks on the front foot.

But while it’s one thing to say that banks should hire such people, finding the right individual with enough business acumen to complement their technical knowledge is another. Rather than employing someone at board level, the FCA points out that many firms have brought on third-party advisors to help educate the board and to advise independently on how they can improve their systems and their mentality towards cybersecurity. This approach can make a lot of sense, particularly when hiring a board member in such a sector can take a couple of years – unfeasible when the issue is so pressing. However, the FCA also warns that retaining such services can result in an over-reliance on third parties and affect the development of in-house cyber capabilities. Teach a man to fish, as they say.

Things clearly aren’t working right now, whether it’s due to failings of internal procedure or an inability to deal with external threats. Look at, for example, the ‘routine upgrade’ at TSB that saw 1.9 million customers locked out of their accounts for up to a month, or Visa’s ‘blackout Friday’ where 5.2 million transactions failed across Europe because of a faulty switch.

On the other hand, it is estimated that cybercrime is costing banks in excess of $600 billion globally. Ransomware alone was responsible for $5 billion in losses in 2017, a figure we expect to see rise for the 2018 summaries (although it’s worth noting that the plunging price of cryptocurrencies across the board may mean a lower financial cost across an increased number of attacks).

Sadly, with any form of IT outage it is not a question of if, but when. As such, banks should adopt a zero day recovery architecture as the best means to mitigate risk and minimise downtime in the event of any outages, without having to worry about whether the workload is compromised. An evolution of the 3-2-1 backup rule (three copies of your data stored on two different media and one backup kept offsite), zero day recovery enables an IT department to partner with the cyber team and create a set of policies that define the architecture for handling data backups stored offsite, normally in the cloud. This policy assigns an appropriate storage cost, and therefore recovery time, to each workload according to its strategic value to the business. It could, for example, mean that a particular workload needs to be brought back into the system within 20 minutes while another workload can wait a couple of days.
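An added example (not part of the original article, and not any vendor's product): a small Python audit that checks each workload against the 3-2-1 rule and compares the restore time measured in a controlled test with the recovery time its policy assigns. The workload names, media labels and drill timings are constructed; the 20-minute and two-day targets follow the figures in the text.

```python
from dataclasses import dataclass
from datetime import timedelta
from typing import Optional, Tuple

@dataclass(frozen=True)
class Copy:
    media: str      # constructed labels: "disk", "tape", "object-store"
    offsite: bool

@dataclass(frozen=True)
class Workload:
    name: str
    rto: timedelta                    # recovery time the policy assigns
    copies: Tuple[Copy, ...]          # every copy, production data included
    last_drill: Optional[timedelta]   # restore time measured in a controlled test

def audit(w: Workload) -> list:
    """Return policy findings for one workload; an empty list means compliant."""
    findings = []
    if len(w.copies) < 3:
        findings.append("fewer than three copies")
    if len({c.media for c in w.copies}) < 2:
        findings.append("fewer than two media")
    if not any(c.offsite for c in w.copies):
        findings.append("no offsite copy")
    if w.last_drill is None:
        findings.append("recovery never tested")
    elif w.last_drill > w.rto:
        findings.append(f"drill took {w.last_drill}, target is {w.rto}")
    return findings

def report(workloads) -> dict:
    """Map each non-compliant workload to its findings, tightest target first."""
    ordered = sorted(workloads, key=lambda w: w.rto)
    return {w.name: audit(w) for w in ordered if audit(w)}

# Constructed sample inventory (not real systems).
SAMPLE = (
    Workload("payments-switch", timedelta(minutes=20),
             (Copy("disk", False), Copy("disk", False), Copy("object-store", True)),
             timedelta(minutes=45)),
    Workload("online-banking", timedelta(minutes=20),
             (Copy("disk", False), Copy("tape", False), Copy("object-store", True)),
             timedelta(minutes=12)),
    Workload("hr-archive", timedelta(days=2),
             (Copy("disk", False), Copy("disk", False)), None),
)

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```

A workload that satisfies 3-2-1 on paper can still fail here: the constructed payments-switch entry has all its copies in place, but its last restore drill overran the 20-minute target.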

Adopting this kind of approach is not, however, a silver bullet. It will not prevent you from getting hacked, or stop a faulty switch shutting down the entire operation. What it does do is make sure that any downtime – and the lost revenue that comes as a result – can be minimised. Only by identifying the problems that have caused the kind of outages the sector has experienced can anything actually be achieved. Pinpoint the issues, invest properly in preventing them, and banks will go some way to restoring confidence from the public and saving millions of pounds.
