Connect with us

Business

Banking on legacy – The risks posed by ‘stone age’ banking infrastructure

Source: Finance Derivative

By Andreas Wuchner, Angel Investor of Venari Security

Introduction

If you consider the most significant motivating factors behind cyber-attacks – the promise of large financial reward and the opportunity to cause maximum business and social disruption – it’s little wonder that banks and financial institutions are amongst the most inviting targets for would-be cyber criminals. In fact, according to IBM’s recent report, ‘banking and finance’ was the most attacked industry for the five years between 2015 and 2020 – surpassed only by threats to critical infrastructure in recent years. Successful attacks can provide aggressors with a mass of sensitive personal and financial information, and even access to people’s money itself. Furthermore, a suspension of withdrawals and deposits can cause huge social disruption and reputational damage. 

As banks have reacted to years of new regulation and emerging technologies, they often operate with a hugely complicated and disparate technology estates. This provides malicious actors with a wealth of potential attack vectors. A small breach from anywhere in this network can have enormous consequences, and lead to entire systems being overrun. As such, it’s crucial that security teams operate with the highest-grade security possible, including ensuring the strongest level of encryption standards. Banks need to look beyond regulatory tick-box commitments and ensure they are taking proactive and preventative steps to monitor and combat malicious attacks across their entire network.

Andreas Wuchner

However, the ability to react to cyber-threats across a vast estate requires speed and flexibility to quickly react and update security protocols. The sheer volume of legacy infrastructure slows this process down considerably leaving many security teams in a vicious cycle. 

The threat of legacy infrastructure

A sizeable proportion of the banking industry still maintains a reliance on systems first developed more than 40 years ago. In fact, many ‘core banking’ systems, like payments, loans, mortgages and the associated technologies, are still coded using COBOL (Common Business-Orientated Language), an otherwise defunct programming language that is older than the internet itself. In the UK and Europe, COBOL remains the ‘backbone of banking services,’ while in the USA, as much as 43% of banking systems are built on COBOL, meaning it underpins much of our financial system.

This presents a huge security risk. While code has been regularly updated over the years, these systems were built when security threats were far less sophisticated, less well-financed and the burden of data was far less pronounced. For several years, governments have pointed towards legacy systems, built using COBOL, as a major cybersecurity threat, incompatible with modern security best practices and solutions, including multi-factor authentication. For example, data from Kaspersky found that businesses with outdated technology are much more likely to have suffered a data breach (65%) than those who keep their technology updated (29%).

A further security consideration is the diminishing number of people who are trained in maintaining COBOL systems. Every year, experienced professionals exit the industry, making it increasingly difficult to service legacy technologies and creating significant delays in patching threats once they’re identified. This lack of supply of sufficiently trained experts, and the demand they face, makes any updates extremely expensive and time consuming.

Furthermore, legacy infrastructure is preventing the secure application of encryption, posing its own distinct cybersecurity and regulatory risks. Encryption is often heralded as a silver bullet solution for data privacy and has been a continuing area of focus for regulatory bodies in recent years. However, banks remain guilty of poor deployment, maintenance and management of encryption – using outdated protocols and inefficient methods of analysing and understanding network traffic. This, coupled with legacy ‘core banking’ systems that are incompatible with modern encryption techniques, equates to a regulatory and security headache for security teams.

Adopting a new mindset

The risks posed by legacy systems and the volume of cybersecurity threats facing banks, mean a concentrated re-think of overall cybersecurity strategy is needed to prevent breaches and ensure data is protected long-term. Traditionally, banks have taken an ‘outside-in’ view – dedicating capacity, finances and knowledge to dealing with threats that are existing, known and well publicised. However, to aid long-term security, this should be superseded by an ‘inside-out’ proactive approach, whereby security teams are cognisant of their own internal systems and where the key vulnerabilities are found. Once banks have a detailed view of the security risks posed by their legacy systems, and specifically what data is threatened, they can address flaws, update these systems and build a stronger overall security posture.

The secure path ahead

Many of our successful high-street banks today have centuries of experience in dealing with social, economic and regulatory upheaval. However, the rapid development and deployment of technology continues to present a unique challenge. Many ‘traditional’ banks have built a complex technology infrastructure through decades of adjustment to new legislation and emerging technologies. While serviceable in the past, fintech start-ups are pushing the long-term viability of these systems to the limit.

Challenger banks have the luxury of being built from the ground-up, prioritising convenient digital services and features, and modern security processes. As the user base of these banks increase, customers are increasingly expecting these features and security from their existing banks, meaning even more complexity added to legacy infrastructures. As outlined by Deloitte, existing firms simply aren’t positioned to support the rising expectation of the market, exposing banks to additional risk and liability.

What’s more, it’s estimated that banks spend as much as 80% of their yearly IT budgets on the maintenance of legacy systems. While an immediate switch away from these systems is unrealistic, there is an opportunity to reduce wasted spend and divert spend towards modernisation efforts. However, while traditional banks may want to adapt quicker to technological advancements, they need to do so while continuing to minimise cyber risk and without jeopardising the security of their data or systems. This means placing cybersecurity at the heart of any modernisation efforts and maintaining a steady rate of change. As more of the technology estate begins to be modernised, the potential risks of regulatory non-compliance will also reduce.

Legacy systems need a considered update

Banking systems have heavily relied on legacy infrastructure for too long now, bringing difficulties in maintaining the highest-grade cybersecurity and in facilitating innovation. The risks presented by novel cybersecurity attack vectors and competition from new and emerging digital services offered by challenger banks are exacerbating these issues. As such, legacy systems need a managed modernisation in the long-term, facilitated in part by a managed redistribution of existing IT spend. However, to ensure long-term security overall, cybersecurity needs to be central to be at the very heart of modernisation efforts.

 

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Driving Business Transformation Through AI Adoption – A Roadmap for 2024

Author: Edward Funnekotter, Chief Architect and AI Officer at Solace

From the development of new products and services, to the establishment of competitive advantages, Artificial intelligence (AI) can fundamentally reshape business operations across industries. However, each organisation is unique and as such navigating the complexities of AI, while applying the technology in an efficient and effective way, can be a challenge.

To unlock the transformational potential of AI in 2024 and integrate it into business operations in a seamless and productive way, organisations should seek to follow these five essential steps:

  • Prioritise Data Quality and Quantity

Usefulness of AI models is directly correlated to the quantity and quality of the data used to train them, necessitating effective integration solutions and strong data governance practices. Organisations should seek to implement tools that provide a wealth of clean, accessible and high-quality data that can power quality AI.

Equally, AI systems cannot be effective if an organisation has data silos. These impede the ability for AI to digest meaningful data, and then provide the insights that are needed to drive business transformation. Breaking down data silos needs to be a business priority – with investment in effective data management, and an application of effective data integration solutions.

  • Develop your own unique AI platform

The development of AI applications can be a laborious process, impacting the value that businesses are gaining from them in the immediate term. This can be expedited by platform engineering, which modernises enterprise software delivery to facilitate digital transformation, optimising developer experience and accelerating the ability to deliver customer value for product teams. The use of platform engineering offers developers pre-configured tools, pre-built components and automated infrastructure management, freeing them up to tackle their main objective; building innovative AI solutions faster.

While the development of AI applications that can help streamline infrastructure, automate tasks, and provide pre-built components for developers is the end goal, it’s only possible if the ability to design and develop is there in the first place. Gartner’s prediction that Platform Engineering will come of age in 2024 is a particularly promising update.

  • Put business objectives at the heart of AI adoption – can AI deliver?

Any significant business change needs to be managed strategically, and with a clear indication of the aims and benefits they will bring. While a degree of experimentation is always necessary to drive business growth, these shouldn’t be at the expense of operational efficiency.

Before onboarding AI technologies, look internally at the key challenges that your business is facing and question “how can AI help to address this?” You may wish to enhance the customer experience, streamline internal processes or use AI systems to optimise internal decision-making. Be sure the application of AI is going to help, not hinder you on this journey

Also remember that AI remains in its infancy, and cannot be relied upon as a silver bullet for all operational challenges. Aim to build a sufficient base knowledge of AI capabilities today, and ensure these are contextualised within your own business requirements. This ensures that AI investments aren’t made prematurely, providing an unnecessary cost.

  1. Don’t be limited by legacy systems

Owing to the complex mix of legacy and/or siloed systems that organisations employ, they may be restricted in their ability to use real-time and AI-driven operations to drive business value. For example, IDC found that only 12% of organisations connect customer data across departments.

Amidst the ‘AI data rush’ there will be a greater need for event-driven integration, however, only an enterprise architecture pattern will ensure new and legacy systems are able to work in tandem. Without this, organisations will be prevented from offering seamless, real-time digital experiences, linking events across departments, locations, on-premises systems, IoT devices, in a cloud or even multi-cloud environment.

  • Leverage real-time technology

Keeping up with the real-time demands of AI can pose a challenge for legacy data architectures used by many organisations. Event mesh technology – an approach to distributed networks that enable real-time data sharing and processing – is a proven way of reducing these issues. By applying event-driven architecture (EDA), organisations can unlock the potential of real-time AI, with automated actions and informed decision making using relevant insights and automated actions.

By applying AI in this way, businesses can offer stronger, more personalised experiences – including the delivery of specialised offers, real-time recommendations and tailored support based on customer requirements. An example of this is in predictive maintenance, in which AI is able to analyse and anticipate future problems or business-critical failures, ahead of them affecting operations, and dedicate the correct resources to fix the issue, immediately. By implementing EDA as a ‘central nervous system’ for your data, not only is real-time AI possible, but adding new AI agents becomes significantly easier.

Ultimately, AI adoption needs to be strategic, avoiding chasing trends and focusing instead on how and where the technology can deliver true business value. Following the steps above, organisations can ensure they are leveraging the full transformative benefit of AI and driving business efficiency and growth in a data driven era.

AI can be a highly effective tool. However, its success is dependent on how it is being applied by organisations, strategically,  to meet clearly defined and specific business goals.

Continue Reading

Auto

Preparing for the Surge: Meeting the MCS Requirements of Electric Trucks

John Granby, Director of eTruck & Van, EO Charging and Erik Kanerva, Sales Director at Kempower

Auto electrification is moving at a rapid pace, with electric vehicles (EVs) going from a passion project for early technology adopters to the mainstream – especially when you consider the need to electrify consumer and commercial vehicles ahead of the government’s 2035 Zero Emission Vehicle mandate.

Electrification is also starting to play a vital role in public policy and commercial plans, leading to vehicle availability and a variety of improvements and increasing interest among commercial fleets’ prospective customers. As a result, all of the main car and van manufacturers have a respectable EV offering, and the eBus industry is well on its way to proposing a similarly credible offering for citizens.

Heavy-duty vehicle electrification has progressed slowly, but the pace has picked up over the last year, with several of the major truck manufacturers testing completely electric heavy trucks that are now near-ready to enter the general market.

This is a critical shift in the move towards net zero, given that heavy commercial vehicles account for around 25% of CO2 emissions from road transport emissions in the EU and approximately 6% of the region’s overall emissions. It’s a similar situation in the US, where medium and heavy-duty trucks account for around 29% of total road transport emissions or approximately 7% of the country’s total but make up fewer than 5% of all vehicles on the road.

Having clear goals and objectives in place for fleet electrification will be vital to ensuring the transport sector is on track. For example, Scania’s goal is that 50% of all vehicles it sells annually by 2030 will be electric. Despite Scania being the slowest into the market with battery electric vehicles, other vehicle manufacturers are following the same target, with Volvo Trucks setting itself a target for 50% fully electric vehicles by 2030 and the same with Renault, for example.

Meeting this ambitious goal will require the appropriate charging infrastructure in place so customers have the confidence to invest in the large-scale electrification of their fleets. That is one of the reasons why charging system manufacturer Kempower expects the commercial vehicle DC charging market in Europe and North America to have a 37% compound annual growth rate until 2030.

Trucks require substantial battery packs to provide a similar range as traditional engines, and having the right infrastructure in place to keep them regularly charged is certainly a key factor to consider when electrifying truck fleets. According to the European Automobile Manufacturers’ Association (ACEA), trucks will require up to 279,000 charging outlets by 2030, with 84% located in fleet hubs. By 2030, buses will require up to 56,000 charging outlets, with fleet hubs accounting for 92% of the total.

The Charging Interface Initiative (CharIN) is a global organisation that has been working on a standard for the rapid charging of trucks for several years. CharIN developed the Megawatt Charging System (MCS) concept, which serves as the foundation for the ISO and IEC standards which govern the design, installation, and operation of truck fast charging infrastructures.

The MCS is intended to standardise the quick delivery of enormous amounts of charging power to vehicles and provide stronger communication, which minimises downtime caused by unsuccessful charging events.

Customers who drive commercial vehicles follow particular driving habits. By taking advantage of the required break time from the hours-of-service restrictions governing their drivers, customers can travel further each day thanks to the increased charge rate that MCS offers. Better electrification of commercial cars is made possible by legislation that mandates that drivers take rest breaks. As a result, shorter charging durations to accommodate these breaks are beneficial.

The MCS will operate at up to 3,000A and 1,25 KV at its final development stage, delivering up to 3,75 MW of power when charging. With the backing of a significant segment of the industry, MCS is founded on an international consensus on technical standards. An internationally recognised standard is essential to promote harmonised solutions that reduce costs and boost interoperability without sacrificing safety and uptime.

Trucks on the highway are a key focus of the MCS, not only depot pricing. Large truck units operating long-haul routes and some smaller rigid trucks operating cross-border short-haul deliveries—such as logistics organisations operating deliveries between the United Kingdom and continental Europe—pay particular attention to this issue.

Most MCS charging occurs while drivers take breaks from their routes, but some depots may have a single MCS charger on site to do a flash charge if a truck needs to be turned around quickly. In order to balance this unit’s demand against other chargers on site, load management is crucial because it will require a power supply of at least 1 MW+.

Fleet operators should look to consider incorporating MCS into their whole charging ecosystem and solutions, regardless of whether they are thinking about how electrification will affect their fleet of vehicles on the road or how their depots will operate.

Adopting cutting-edge energy management technology solutions will enable effective fleet electrification, particularly at depots. Investing in effective load management technologies will be critical to maximising existing grid infrastructure capacity while decreasing the need for additional investments in generation or distribution capacity.

Investing in and deploying effective energy management technologies is the key to a smoother, more efficient shift for commercial fleet operators. They are critical in lowering energy expenses, both economically and environmentally.

Energy management solutions for charging electric fleets will also help maximise existing grid capacity, reducing the need to invest in new generation or distribution capacity. This will be an essential factor for fleet managers to consider as eTruck fleets expand and other commercial vehicle fleets, such as buses, increase demands on infrastructure.

With unprecedented energy and investment going into electrification, 2024 looks to be a pivotal year for picking up the momentum of progress around MCS in the logistics sector. If done right, it will create a shift of optimism in the market to accelerate the electrification of commercial fleets and promises to positively impact other sectors, such as marine and aviation, contributing significantly to reducing carbon emissions.

Continue Reading

Business

Three ways beauty and personal businesses can gain back lost revenue due to admin, ahead of summer

Attributed to: Samina Hussain-Letch, Executive Director, Square UK

The entrepreneurial beauty and personal care sector in Britain amounts to a whopping 36 billion pounds, but the pressure of manual labour endured by business owners is an obstacle for converting revenue and growth.

Our recent industry study highlights that nearly half (43%) of British barbers, spas, nail salons, personal trainers, tattoo parlours, and piercing studios are not using digital platforms or tools to automate bookings, ultimately losing over a full working day each week to administrative tasks alone. This equates to approximately two months lost per year, to manual admin tasks for beauty and personal care businesses.

We’ve listed three ways beauty and personal care businesses can gain back revenue ahead of summer:

  • Detoxing manual admin

Admin tasks are the equivalent to Pandora’s box for beauty and personal care businesses. The tasks may constitute using paper diaries to schedule appointments, manually rescheduling appointments, or taking bookings and sending reminders by message or phone call.

These seemingly minor chores can be a large time drain for businesses that rely on manual processes. The research found filing down time between client appointments to be one of the most difficult challenges, with 39% of the sector facing this over the last year, alone.

Businesses should identify how they could set timings to the specific duration of each service and still build in cleaning time after the appointment. Digital tools like an appointment booking software play a crucial role. By automating manual admin, owners can offer bookings with a wide booking window, allowing them to spend devoted time on each customer, resulting in the allowance to foster a loyal relationship that will keep them coming back, while giving their workforce time to clean up after the appointment.

  • Tapping into the power of technology

The solution here may sound simple, but business owners should again lean on technology to transform manual labour.

With time back, salons can give their workforce time to speak to customers on what other services they can offer to expand business offerings.

With the integration of tech tools for beauty and personal care businesses, nearly half (48%) of business owners would like staff to treat themselves to finishing work on time, while identifying new training for their team. Adopting a technology solution can unlock efficient management for businesses as appointments can be booked online and reminders can be sent using the software.

With the research showing that 42% of consumers want to book appointments on the weekend or after hours, working with the software promises ease for customers that are looking to make reservations after businesses are closed for the day.  But how can beauty and personal care business owners look to drive up their revenue when switching to an appointment software?

  • Driving up the revenue road

Our research also highlighted that only 1 in 5 of beauty and personal care businesses are automating marketing campaigns or inventory management. This sheds light that not all beauty and personal care businesses are optimising their toolset.

The time gained back from using automated appointment software allows businesses to think more strategically about marketing and pricing. Integration of an automated software readily links up with an online store that allows salons to not only manage inventory more effectively, but offer new products to clients on different channels of their choice.

With new offerings, businesses have extra opportunities and routes to drive up revenue. Selling products online is a sure-fire way of creating new business, as well as keeping their back end organised and offering consumers more options when it comes to buying products that are used within or after their appointment – as take home collateral.

Having an automated booking software for beauty and personal care businesses is a great way to unlock further revenue, train a workforce with time back, spend more time connecting with clientele and ensuring the business is driving bookings even while the salon is closed. It’s a win-win situation that will position businesses for success this year. Because as we all know, a business is only as successful as their customer satisfaction.

Continue Reading

Copyright © 2021 Futures Parity.