The number one priority for financial services businesses globally is operational resilience, specifically managing digital disruption.
The US Federal Reserve recently commissioned a study into sound practices, the Basel Committee released a document outlining the principles of operational resilience and the Bank of England initiated rule changes to ensure that mission-critical services can be provided when there are IT glitches, outages, cyber-attacks or other IT disruptions.
Closer to home, Deloitte’s 2020 Digital Disruption Index revealed a distinct focus on digital development, with more than half of South Africa’s organisations planning to invest in AI over the next 18 months. Around two-thirds of senior leaders regarded cloud, cyber security and data analytics as business critical technologies.
The network’s status as the heartbeat of the IT infrastructure means that identifying and eliminating vulnerabilities in the network must be prioritised.
Although there are vulnerabilities in hardware and software, human error is the leading cause of reported data breaches. Gartner suggests that by 2023, at least 99% of cloud security failures will be the customer’s fault, mainly in the form of resource misconfiguration.
Device misconfigurations are often the result of basic errors, such as a typo that prevents traffic from reaching servers, or of miscommunication, but they can lead to security risks, outages and downtime. Making matters worse, rectifying incorrect configurations can cause greater headaches if, for example, your solution leaves ports open and vulnerable to attack. Firewalls act as the first line of defence, so any misconfiguration exposes the network to serious risk.
Hardware upgrades are costly, outdated software and systems don’t always have the latest security updates, and patches don’t always work on older versions. As a result, the development team spends a lot of time on customised fixes.
Even with good security defence systems in place, it is important to be prepared for the worst-case scenario. Businesses that lose data or experience outages not only have to deal with reputational fallout, but they also breach compliance standards. The system needs to be brought back online as quickly as possible, and this is only possible if disaster recovery processes have been planned, configured, tested and maintained.
Businesses need accurate data to make informed decisions. However, there are stringent data compliance standards governing the collection, encryption, storage and backup of data, as well as accuracy and integrity.
A full audit across the system needs to be conducted to assess vulnerabilities. Although it is very time consuming, it is critical to interrogate every device, every network and every access point to ensure that existing weaknesses are identified, accurate reports are available and next steps are clear.
Once the initial assessment is complete, you’ll need to continuously monitor and maintain the network to pre-empt security risks and fix flaws while it is still possible to do so.
To make informed decisions, accurate data also needs to be presented in a meaningful way. A centralised network configuration, with accessible reports for all key stakeholders, limits risk exposure and helps mitigate cyber-attacks.
Maintaining operational resilience can be challenging for businesses given the complex finance laws and compliance standards in the financial services sector. This underscores the need to implement the right technology and tools before a cyber-attack or data breach.
Do you have a system in place to track changes? A threat like unauthorised devices connecting to the network could cause irreversible damage if not eliminated quickly.
Get in touch if you’re interested in preparing for future vulnerabilities. AppCentrix can help drive network efficiency, eliminate time-consuming manual processes and achieve operational resilience.