Source: Finance Derivative
Bernard Montel, EMEA Technical Director and Cybersecurity Strategist,Tenable
Data is essential in today’s world. Because of this, businesses of all types and sizes are facing one of the most serious continuity and reputational threats of our time: cyberattacks. Cybercriminals capitalise on data, and the more private and/or personal, the more interest cyber criminals will show. This makes financial services a prime target for attackers given the type of information utilised. Cyberattacks go beyond data as, if the attack implicates the digital infrastructure the bank relies upon to function, it can cause system outages which has a direct impact to the entire economy.
According to research by Tenable at least 40,417,167,937 records were exposed worldwide in 2021, but that’s just an indication of the true number. According to the researchers, just 13% of breach disclosures analysed included information on the number of records exposed, meaning this figure will be significantly higher. As the world of work continues to transform, and hybrid working becomes crucial for business growth, leaders must begin to think seriously about security.
The Threat of Ransomware
Ransomware has had a monumental impact on organisations in 2021, responsible for approximately 38% of all breaches analysed for the Threat Landscape Retrospective report, and up to 45% in EMEA. With the rise of ransomware globally, every organisation has been feeling the pressure; but only a few have felt the pain as much as financial institutions and financial service providers.
The most popular way attackers infect organisations is through spam and phishing emails. Others, however, may contain a link to a webpage controlled by the attackers. The goal is to get the target to open the attachment and trick the victim into enabling macros or clicking the link. This can deliver a malicious downloader, leading to the final payload, which is ransomware. Due to the nature of financial institutions as places where individuals and institutions place their money and trust, the severity and potential consequences of a successful ransomware attack can be widespread and long lasting.
Basic security principles can go a long way in blocking the attack path ransomware takes. In the majority of instances, it is a known vulnerability that allows the malware to infiltrate the infrastructure and encrypt systems. Another attack path is the exploitation of misconfigurations in Active Directory. Threat actors will use these to elevate privileges to dig deeper into the network.
The New Normal
During the pandemic, millions of financial services employees, from traders to bankers, transitioned to working remotely. A recent study conducted by Forrester revealed that 78 percent of businesses have reported that some of their staff are still working from home. Stepping into the New Year, businesses must be aware that the digitalisation of financial services and remote working are here to stay. In fact, financial institutions have the highest chance of maintaining remote and hybrid work models, since three-quarters of their employees’ time can be used productively out of the office.
In their shift to remote working, organisations have been migrating their operations to cloud, often without enough thought given to the security implications of this shift. As businesses continue to implement remote working policies, they are simultaneously adopting cloud infrastructure and bringing in more third-party service providers. Business leaders supporting a remote workforce must be conscious of how these changes influence their security posture.
Successfully Connecting Cybersecurity and Financial Institutions
The World Economic Forum’s Global Risk Report 2022 has ranked cybersecurity as the number one risk in Great Britain and Ireland, meaning cyber risk will remain dominant amongst the areas of emergent threats in the New Year.
Attacks in the financial services industry are not a new concept and, in recent years, banks and institutions have become much more sophisticated and regulated. However, it is essential to secure external vendors and potential points of weakness, particularly through implementing audited industry best practises.
Security teams need to adopt solutions that provide appropriate visibility, security and control across the cloud and converged infrastructure. Identify the critical systems organisations rely on to function, identify any vulnerabilities that affect these systems, then take steps to either patch or remediate the risk. Also address excessive permissions in Active Directory that allow attackers to elevate privileges to further infiltrate the infrastructure.
As businesses start to truly understand their expanded attack surface, ensuring that they hold the same level of control and governance over the cloud as they would do for on-premises security is essential. In the post-COVID world, which is increasingly interconnected and digitalised, failing to do the basics means the business is vulnerable and disruption imminent whoever is attacking.
Building a Greener Web: Six Way to Put Your Website on an Emissions Diet
By Roberta Haseleu, Practice Lead Green Technology at Reply, Fiorenza Oppici, Live Reply, and Lars Trebing, Vanilla Reply
Most people are unaware or underestimate the impact of the IT sector on the environment. According to the BBC: “If we were to rather crudely divide the 1.7 billion tonnes of greenhouse gas emissions estimated to be produced in the manufacture and running of digital technologies between all internet users around the world, it would mean each of us is responsible for 414kg of carbon dioxide a year.” That’s equivalent to 4.7bn people charging their smartphone 50,000 times.
Every web page produces a carbon footprint that varies depending on its design and development. This must be more closely considered as building an energy efficient website also increases loading speeds which leads to better performance and user experience.
Following are six practical steps developers can take to reduce the environmental impact of their websites.
- Implement modularisation
With traditional websites that don’t rely on single page apps, each page and view of the site is saved in individual html files. The code only runs, and the data is only downloaded, for the page that the user is visiting, avoiding unnecessary requests. This reduces transmitted data volume and saves energy.
However, this principle is no longer the standard in modern web design which is dominated by single page apps which dynamically display all content to the user at runtime. This approach is easier and faster to code and more user-friendly but, without any precautions, it creates unnecessary overheads. In the worst case, accessing the homepage of a website may trigger the transmission of the entire code of the application, including parts that may not be needed.
Modularisation can help. By dividing the code of a website into different modules, i.e. coherent code sections, only the relevant code is referenced. Using modules offers distinct benefits: they keep the scope of the app clean and prevent ‘scope creeps’; they are loaded automatically after the page has been parsed but before the Document Object Model (DOM) is rendered; and, most importantly for green design, they facilitate ‘lazy loading’.
- Adopt lazy loading
The term lazy loading describes a strategy of only loading resources at the moment they are needed. This way, a large image at the bottom of the page will not be loaded unless the user scrolls down to that section.
If a website only consists of a routing module and an app module which contain all views, the site will become very heavy and slow at first load. Smart modularisation, breaking down the site into smaller parts, in combination with lazy loading can help to load only the relevant content when the user is viewing that part of the page.
However, this should not be exaggerated either as, in some instances, loading each resource only in the last moment while scrolling can annihilate performance gains and result in higher server and network loads. It’s important to find the right balance based on a good understanding of how the app will be used in real life (e.g. whether users will generally rather continue to the next page after a quick first glance, or scroll all the way down before moving on).
- Monitor build size
Pre-processors come with the possibility to prevent a build to complete if its files are bigger than a variable threshold. Limits can be set both for the main boot script as well as the single chunks of CSS to be no bigger than a specific byte size after compilation. Any build surpassing those thresholds fails with a warning.
If a build is suspiciously big, a web designer can inspect it and identify which module contributes the most, as well as all its interdependencies. This information allows the programmer to optimise the parts of the websites in question.
- Eliminate unused code
One potential reason for excessive build sizes can be dozens of configuration files and code meant for scenarios that are never needed. Despite never being executed, this code still takes up bandwidth, thereby consuming extra energy.
Unused parts can be found in own source code but also (and often to a greater extent) in external libraries used as dependencies. Luckily, a technique called ‘tree shaking’ can be used to analyse the code and mark which parts are not referenced by other portions of the code.
Modern pre-processors perform ‘tree shaking’ to identify unused code but also to exclude it automatically from the build. This allows them to package only those parts of the code that are needed at runtime – but only if the code is modularised.
- Choose external libraries wisely
One common approach to speed up the development process is by using external libraries. They provide ready-to-use utilities written and tested by other people. However, some of these libraries can be unexpectedly heavy and weigh your code down.
One popular example is Moment.js, a very versatile legacy library for handling international date formats and time zones. Unfortunately, it is also quite big in size. Most of all, it is neither very compatible with the typical TypeScript world nor is it modular. This way, also the best pre-processors cannot reduce the weight that it adds to the code by means of ‘tree shaking’.
- Optimise content
Designs can also be optimised by avoiding excessive use of images and video material. Massive use of animation gimmicks such as parallax scrolling also has a negative effect. Depending on the implementation, such animations can massively increase the CPU and GPU load on the client. To test this, consider running the website on a 5 to 10-year-old computer. If scrolling is not smooth and/or the fans jump to maximum speed, this is a very good indication of optimisation potential.
The amount of energy that a website consumes — and thus its carbon footprint — depends, among other factors, on the amount of data that needs to be transmitted to display the requested content to users. By leveraging the six outlined techniques above, web designers can ‘slim’ their websites and contribute to the creation of a more sustainable web whilst boosting performance and user experience in the process.
The trends to expect in the future of work in 2023 through the lens of a CFO
Source: Finance Derivative
By Eliran Glazer, CFO at monday.com
Not a week goes by without significant evolution in the world of work. The landscape is continuously evolving and these shifts can be analysed from many different perspectives..As it has been in recent years, the position of the CFO will continue to be paramount in spearheading essential business initiatives, communicating with employees and other stakeholders, and ensuring cross-company alignment and advancement. However, how will the role of the CFO evolve in 2023 and what can those involved in financial decisions expect in 2023?
CEO and CFO alignment is crucial for success in 2023
CEOs and CFOs know a company’s success can only occur when they work in tandem to improve organisational performance for sustainable growth. To continue to expand, the CEO and CFO will work together more closely than ever to guarantee company operation, efficiency, resiliency and guidance throughout times of transition.
With the market changing at a rapid speed, organisational agility is vital for continued success. When the CEO and CFO are closely aligned, they bring their areas of expertise to the table to drive crucial strategic decisions together so the organisation can adapt to a changing economic landscape.
This is even more applicable in the current macroeconomic environment and geopolitical tension, when every business decision has a significant financial weight. With 70% of boards of directors looking to accelerate digital business endeavours and strategies, finance leaders will have an integral role when it comes to ensuring sustainable company growth.
Investments in digital tech is paramount this year
Since the onset of the Covid-19 pandemic, teams have taken a more dynamic and digitised approach in collaboration to address remote work, across time zones, between offices and at home. For 2023, corporations should expect to see further investment in digital technology that will enable teams to have a more harmonised approach to the digital workforce. Finance leaders will play a substantial role in implementing the processes and structure by identifying the right tech tools needed for this approach. Due to this, CFOs must now be aware of the need to adopt digital technology to drive efficiency.
Based on research from a Gartner survey that polled CFOs in July 2022, 66% said they planned to expand their investment in digital technology in the next 12 months. Additionally,another 32% said they would uphold such spending – the most significant percentage of any spend category. To best serve hybrid workers, businesses will need to enhance not only the customer experience but also their employee experience and satisfaction through the support of dynamic and digital collaboration tools.
Proactivity & transparency in this era of change
During this unpredictable economic climate, proactivity and transparency from finance leaders are key for making decisions that are data-driven and staying agile. To stay agile, CFOs must actively drive collaboration and partnering across functions to position the enterprise to respond to the challenges. This requires finance leaders to ensure that employees are kept in the loop of strategic decisions pertaining to the company. This can only be done by regular updates to the employees about the company’s range of projected scenarios for the upcoming months and any planning adjustments.
To ensure success and resiliency in combatting today’s challenges, finance leaders must be proactive and transparent when conveying the business landscape. It is crucial that CFOs set realistic expectations and break down concepts so that they are well understood and clear for all employees within the company. Educating employees about financial jargon alongside the state of the global economy will also help them find their footing in these challenging times.
2020 marks a milestone in the evolution of a CFO
While 2023 may seem challenging for CFOs with this great responsibility, they have a unique opportunity to make a significant and positive impact. What is most important for a company to overcome the challenges in 2023 is how flexible and nimble they can be, which requires the CFO to be a crucial player in the company’s growth during these times.
The scope of the role of CFOs has changed over the years. It is no longer solely on how to scale a business, but rather how to focus on the efficiency within that growth. To facilitate opportunities, the role of finance leaders will continue to expand this year. By identifying ways in which the CFO role can produce results, support, and even lead other parts of the company, will stimulate more collaboration, communication, and, ultimately, success.
Top 5 benefits of low-code development in financial services
Source : Finance Derivative
By Richard Higginbotham, Product Manager at Netcall
Amid the rise of challenger banks like Monzo and Resolut, traditional financial services institutions have never been under more pressure to deliver the innovative and personalised service conferred by digital transformation. The banking sector could stand to gain $1 trillion a year from artificial intelligence and machine learning alone. However, many institutions struggle with how to achieve results. Low-code development not only offers an accessible conduit to digital transformation, but it also comes with a host of other benefits.
Read on to learn about some of the top benefits financial services gain from low-code:
- Faster in-house development
Through a low-code application platform designed for business users, financial services organisations can develop full-stack applications three to 10 times faster than with standard development. Low-code makes it possible for business users to develop beyond core function with oversight from IT, increasing developer capability and expediting app development from months to just days in some cases.
This enables businesses to accelerate digital initiatives despite acute shortages of skilled developers. The ease of making changes to low-code applications and the ability to rapidly develop solutions creates the organisational resilience and agility the financial sector needs for long-term success.
Low-code applications combine well with robotic process automation, making integration possible even where legacy applications have proved challenging. This unlocks greater opportunities for automation at scale and improves customer experience, leading to greater returns and efficiencies.
- Improved experiences for customers and employees
Our use of technology is rapidly evolving, with the emerging generation of consumers reshaping expectations around digital access to products and services. In this environment, financial services organisations can’t afford to fall short of demands for digital.
Low-code applications provide the capability to build, extend and adapt digital services for consumers. For example, they can provide proactive notifications that keep customers abreast of account activities and give them the capability to manage their accounts in real-time. Customer engagement is improved as financial institutions interact with customers within the channel of their choice, without disrupting the customer journey.
Legacy systems and technology, on the other hand, often struggle to keep pace to support evolving products and services. Employees take the strain as they bridge the gap between applications with manual and spreadsheet-based processes.
However, the intelligent automation capabilities of low-code development and robotic process automation ease this burden on employees and drastically reduce the inevitable errors that occur when employees do repetitive and monotonous tasks, like data entry.
Manual paper-based processes are moved online, giving thousands of hours back to employees. Human-in-the-loop features enable employees to intervene to ensure automations are producing intended outcomes and that governance is maintained. Applications can be built to accommodate robust compliance and security measures, protecting consumers and employees.
Further, by easing the load on employees, they are able to be more creative, offer better customer support, and devote more time to value-adding tasks.
- Innovative solutions
Faster development through low-code also facilitates innovation because the speed, cost-effectiveness and ease of it allow for repeated iterations. This means businesses can trial new automations and make immediate adjustments to accommodate rapid changes and unstable market conditions.
Low-code provides business users within financial services the ability to contribute to their organisation’s digital transformation. This is advantageous as business users have a different perspective than IT teams. They’re involved in the day-to-day running of things, so they’re going to be well-positioned to suggest the processes that would most benefit from being reimagined through low-code.
Low-code development allows these digital solutions to be tested and tweaked until they are optimised. Even once they have been deployed, the ease of making adjustments encourages innovations, allowing applications to be continually amended to foster more productivity.
Low-code applications reflect the imagination and creativity of employees. If they can imagine a solution, they can create it – and the right low-code application platform gives them the resources they need for this.
- Easy integration with existing systems and new ones that emerge
When it comes to digital transformation, many financial services organisations struggle with their legacy systems. Extending, adapting or changing the function of legacy technology can be expensive, time-consuming and fraught with risk. Low-code’s ability to work around this issue has made it popular within the sector.
Low-code applications and robotic process automation provide the capability to create new functions and applications that integrate, unify and extend legacy systems. Most significantly, this can be achieved without making changes to the underlying system. With this approach, data silos are broken down, creating a single view of processes and single point of access to data, which enable seamless customer and user journeys. This is all accomplished faster, more efficiently and without risk, presenting huge opportunities for financial services institutions.
- Actionable data insights
By eliminating data silos through low-code, employees have access to the right information when they need it. They have a comprehensive view of a client’s contextual information and previous interactions with the organisation.
When a low-code application platform with artificial intelligence and machine learning features is adopted, decision making capabilities are unearthed, producing rich insights that inform more strategic decision making, drive productivity, save costs and generate growth.
An approach to digital transformation that incorporates low-code development platforms and robotic process automation will increase productivity, reduce expenses and generate operational efficiency to help financial services organisations achieve excellence. Agile, iterative development capabilities expand their ability to rapidly streamline and smoothen customer and user experiences.
The businesses that commit to this approach are going to be best positioned for fast returns on investment and long-term competitiveness. For those who have yet to start, it presents an opportunity to start small and scale fast. For others who are further along in their transformation journey, it provides the opportunity to accelerate their efforts and avoid costly missteps thanks to inherent agility. Intelligent automation using an AI-powered low-code and robotic process automation platform is going to help you get to where you need to be on your digital transformation journey faster.