In this article, we’ll discuss the challenges facing the European banking sector, the risks and barriers organisations face on the path to digital transformation, and how the sector will benefit from increased agility.
In this second article ofa two-part series, we’ll take a look at twin challenges facing the European banking sector, the risks facing organisations on the path to transformation, and why there’s real cause for optimism if the sector can become more agile and digitise its back office in the same way it has revolutionised customer-facing operations.
According to acybersecurity article, global cybercrime damages are predicted to reach $10.5 trillion by 2025. On one hand, sophisticated social engineering attacks and threats from hostile nation-states present a high level of risk to banks from outside the perimeter. Yet, it’s the threat from within that has intensified in the last two years.
近20年前,Bruce Schneier、安全费用rt and CTO at IBM Resilient, said, “Only amateurs attack machines; professionals target people.” Today, that quote appears prescient. As cyberthreats continue to rise on a global scale, humans, rather than technology infrastructure, are the primary target.
“Banks and financial institutions' approach to tech must be scalable, and should clearly articulate how it aligns with the business roadmap.”
Viren PatelIndustry Advisor - Financial ServicesWorkday
In the fallout from the COVID-19 pandemic, a surge in employees working from home means that banks are increasingly susceptible to phishing and other cyberscams. For example, exposure to malware on shared home devices could put banks at risk if processes and controls are not effectively managed.
According to the Centre for the Study of Financial Innovation’s“Banking Banana Skins 2021”report, “COVID is forcing operational changes on the banks, such as work dispersal and technological adaptation, which are opening up new opportunities for security breaches and cybercrime. A serious incident could cause havoc—in the worst (though very unlikely) case, bringing the global payments system to a halt.”
Many banks already had the infrastructure in place to support some level of remote working, but few could’ve expected the enormous surge in demand. These institutions must have the ability to determine that users are who they say they are, and that they’re behaving in the manner consistent with their profile. Are they using their own devices? What’s the policy around phones, tablets, and other devices?
As always, the solution lies at the intersection of people, process, and technology. Viren Patel, strategic industry advisor for financial services at Workday, explains how banks are dealing with this insider threat with a three-pronged approach: prevention, detection, and response and analysis.
“Prevention is always the first place to start. That means ‘at-the-door authentication,’ and includes the usage of password managers to generate secure passwords and to have good failure policies in place. It also incorporates multifactor authentication (MFA),” says Patel.
“Organisations should understand who their users are, what their roles are, and how authentication requirements change across roles. It’s important for businesses to understand that policy reviews and updates are critical over time.”
“Adaptiveness and adaptive talent management are now crucial: to deal with permanent change, banks must expand their talent pool by tapping into skill adjacencies and proactively help employees develop new skills at speed.”
Aurelie L’HostisSenior AnalystForrester
If prevention fails, then a bank’s next line of defence is detection. Being able to identify login patterns is crucial. This provides organisations with the ability to report on login details: IP address, username, and whether—and why—the login attempt was or wasn’t successful.
“I’d say that understanding user activity is also key. Bank IT administrators and auditors both need to understand how users engage across their systems. It’s important to understand context, and have the ability to drill down into the sign-on-specific information behind login attempts,” says Patel.
It’s important for organisations to have triggers for suspicious activity based on preconfigured rules. Alerts should be used to take action on user privileges to minimise the time it takes to stop suspicious activity.
最后, response and analysis are key to any bank’s IT risk strategy. A part of this is creating aculture of securitywhereby employees are continually given education and training around cybersecurity. This should involve phishing exercises with test emails sent to employees to gain an understanding of how many are clicking dubious URLs.
In the emerging reality of the post-COVID world, environmental, social, and governance (ESG) is becoming a central focus for European banks. Banks face pressure from a number of areas, with investors and customers as the two key stakeholders demanding real action. Investors examine the material impact of climate change and how it affects risk. Customers are increasingly looking at the ethical credentials of banks when deciding which brands they want to work with.
This all demands action from bank CEOs. In aglobal survey by KPMG, almost three‑quarters of banking CEOs said they believed their future growth will be largely determined by their ability to anticipate and navigate the shift to a low-carbon, clean-technology economy. However, most are struggling to come to grips with what that really means for their bank going forward.
Banks and their leaders are fully aware of the need to transform and fully embrace digital. The industry throws billions of Euros at the challenge each year, yet problems persist around how aligned such digital transformation efforts are with business objectives.
Data capture and delivering actionable insights are at the heart of ESG in the banking sector. Institutions know they will inevitably pivot toward more sustainable investments, but the need for short-term profitability means they can’t simply walk away from “unsustainable finance” assets. Having the experience, insight, and data to map all those potential consequences is proving to be a challenge.
The good news is that another set of technologies—artificial intelligence and machine learning (AI/ML)—is aiding both the analysis of business data and the processes needed to execute on ESG. And even better, AI/ML is inherently deployed as part of many cloud-based solutions.
Importantly, the combination of three technologies, cloud, data analytics, and AI/ML, will be key to the transformation of the banking industry and its renewed focus on ESG.
More Reading
In arecent webinar, Clare Hickie, Workday’s EMEA CTO was joined by Phil Carter, GVP and European chief analyst at IDC, and Russell Smith, Head of Enabling Units IT at AstraZeneca, to discuss the findings of a recent IDC report “The Digital Business Fabric: Unlocking the Right Data Architecture to Power Your Business” and to explore how the role of data champion is helping AstraZeneca to meet its bold ESG ambitions.
Many CIOs are in the driver's seat when it comes to deciding their organization's overall ERP strategy. Yet successful transformation requires effective partnership with other stakeholders, particularly the CFO. Learn why building strong relationships across the business is critical to ERP modernization, and the business benefits that come from an adaptable platform.
The prospect of transforming complex business-critical systems is enough to scare off some CIOs from tackling core modernization efforts. But maintaining the status quo presents an even greater risk to the business. Learn what the path to a modern ERP environment looks like.
