The digital transformation of any business is an exciting, dynamic and multi-dimensional exercise, especially against a backdrop as fast-paced and uncertain as today’s. When pursuing new opportunities, we must also be aware of the risks.
As we explore new ways to collaborate with business partners, pursue new efficiencies and develop new value propositions, we have to recognize that the complex threat of cybercrime will also continue to take new forms. To achieve long-term success, information security should be embedded deep in the culture, services and processes of every organization.
How are threats evolving? How are we all responding? And what can financial institutions and corporate treasuries in particular do to improve their information security defenses?
In the finance sector, enthusiasm for the opportunities of decentralized finance is being tempered by the many risks attached to cryptocurrencies, including cyberattacks. Even before the sector’s roller-coaster ride over the past 12 months, the US Federal Trade Commission was warning of a 10-fold increase in crypto-related investment crime. More broadly, digital innovation will continue to present new opportunities and threats, as is reflected by the transformative claims and security concerns already being expressed in relation to quantum computing.
All these developments come as organizations in the public and private sector look to build on the rapid, far-reaching but sometimes unplanned steps they took toward digital transformation during the pandemic. Many firms surprised themselves with how well they adapted to digitized operations and communication with employees, suppliers and customers, but these efforts inevitably increased their threat surfaces and overall vulnerabilities.
According to the World Economic Forum’s Global Cybersecurity Outlook 2022, 81% of global cybersecurity leaders believe digital transformation is the main driver in improving cyber resilience, suggesting many are investing heavily in information security, but may still be in catch-up mode.
Costs and risks around information security are substantial and rising, with ransomware widely seen as the biggest current threat. Eighty percent of cyber leaders told WEF that ransomware is “a dangerous and evolving threat to public safety” and half said it was one of their greatest cybersecurity concerns. IBM has estimated that the average cost a ransomware breach is US$4.62 million. Elsewhere, it has been claimed ransomware will cost firms US$265 billion annually by 2031.
It is no surprise that both regulators and investors are leaning on firms to take tougher action. Like many finance sector watchdogs globally, the US Securities and Exchange Commission is proposing new rules to improve cybersecurity policies, processes, disclosures and record-keeping. And a recent responsible investment survey by RBC Global Asset Management found that cybersecurity is one of the top three engagement themes for asset owners and managers.
Every CISO knows there is no one silver bullet when it comes to fighting cybercrime. It is essential for any organization to build information security into business culture and process, from top to bottom, including ongoing training for employees and partnership across the supply chain. In this spirit of continuous improvement, SkySparc recently undertook to achieve ISO 27001 accreditation, to help ensure the quality and effectiveness of the information security management systems.
In short, information security is no longer the sole responsibility of technologists. However, IT managers and suppliers continue to play a unique and critical role, for example ensuring that cybersecurity issues are always front and center, both in terms of a company’s strategic plans but also its day-to-day operations.
Across all our core client segments, we see this prioritization of information security reflected in demand for our Patch Upgrade as-a-Service (PUaaS). Knowing that cybercriminals prey on the vulnerabilities created by out-of-date tools and technologies, clients are opting for the efficiency of PUaaS to ensure their treasury management systems (TMSs) are upgraded quickly and smoothly to the most recent available version, thus fully compatible with the latest enterprise-level software across the organization’s technology infrastructure.
We live in a world where cyber-crime is increasing. Security concerns and requirements led us to a strategy of upgrading every year.
Dennis Hooft, Dutch State Treasury Agency
Cybersecurity concerns were a key driver for PUaaS’ pilot project with the Dutch State Treasury Agency, which has used the tool to adopt a continual upgrade cycle. “We live in a world where cyber-crime is increasing. Security concerns and requirements led us to a strategy of upgrading every year,” said DSTA’s Dennis Hooft, following the successful completion of the pilot, which led to SkySparc being recognized as Best Technology Consultant in Central Banking Publication’s 2019 FinTech and Reg Tech Global Awards.
The PUaaS model combines highly automated testing processes with a tried-and-tested upgrade methodology to minimize project risk and timelines and increase project efficiency and reusability. The installation and migration stages can be conducted remotely if required, and the comprehensive testing phase – supported by OmniFi’s proven Autotest capabilities – includes a failover test, to ensure a production-like environment can be established within an acceptable timeframe in the event of a production failure.
Large corporates and financial institutions are among the most-targeted organizations for cyber-criminals. This means their information security strategies must be comprehensive and flexible to new challenges. Within this, every vulnerability must be assessed and minimized. As such, information priorities dictate that no organization can afford to delay upgrades to mission-critical tools such as TMSs.