Connect with us

Technology

Cyber resilience – 5 steps firms can take to avoid a breach escalating into a crisis

Source: Finance Derivative

Rob Floodeen, VP of Consulting, Mitiga

Cyberattacks are constant and security breach incidents inevitable. Cyber resilience strategies must include incident response plans that enable you to assess and respond to a breach quickly. Well-informed, fast and effective decisions are essential to protect your organisation from serious harm.

Cyber resilience is one piece in your overall resilience strategy. It includes a blend of people, processes, technology and governance. The intent of Cyber Resiliency (CR) is to create an adaptive capacity in your financial organisation’s IT (cyber) systems that aligns to the business objectives. There are many models that describe CR, including the CERT Resilience Management Model, IT Governance Cyber Resilience and UK NCSC 10 steps to cyber resilience. As cyberthreats continue to increase, it is important to build resilience into your organisation, including incident response capabilities.

Rob Floodeen

Here are five steps organizations can take to reduce the risk of an incident escalating into a crisis.

1. Communicating

Good communication is essential to an effective breach response. Having a robust communication plan can help your business increase its resilience to a critical cyber incident. Here are a few steps you can take today to ensure that your communication capabilities are in place if an incident occurs tomorrow:

  • Plan appropriate communications for multiple types of stakeholders, from internal response team members to the public.
  • Understand the timing, messaging and medium for each type of stakeholder.
  • Communicate information clearly, concisely and factually.
  • Share only relevant information and only when necessary.

2. Inspecting the enterprise for incident-related data

Successfully gathering the information to evaluate and inform decision making is a common failure in increasing cyber resilience. To increase your resilience, plan ahead by ensuring that you have visibility into your environment, are retaining relevant forensic artefacts and have developed the skills needed to lead an investigation. Begin building these skills by conducting exercises that help you think through the steps of an investigation and response.

3. Evaluating possible incident impacts

While working on turning your incident-related data into information, evaluating that information as it impacts your organisation is key to making decisions rapidly. To ensure that you have the information needed to base evaluations against, take these five steps:

  • Understand what your critical assets are and whether you are collecting data that would be relevant in the event these assets were impacted in an incident.
  • Have the information needed to compare the current state to prior known good states (for operating systems, scripts, functions and so on).
  • Understand the potential impacts of a breach to key business functions.
  • Identify and understand abnormal changes.
  • Maintain threat scenarios to provide context to the above items.

 4. Confidence in decisions

The primary role for leadership during an incident is making decisions. To increase your ability to make confident decisions quickly, follow a process that is easy to understand, clearly communicated and tries to evaluate the quality of the information generated by the previous three sections. Use a standard process that helps you prioritise your efforts and understand the timing of best available information.

Here is an example process:

  • Declare the two to four key objectives of the response.
  • Construct supporting actions under each objective into Lines of Effort (LoEs).
  • Each LoE includes expected types of data, such as LoE name, current status, next steps, an assigned leader and the current answer for the LoE.
  • Add confidence levels (low, moderate, high) on your ability to improve your answer within a specified time (capped at 30 days).
  • Finally, compile the confidence levels, answers and time period into an estimate for answer improvement (if possible) at the objective level.

A process like this provides confidence in the current status, future status and quality of progress on objectives. For example, if you know that the answers for an objective have a current low confidence level, the objective requires 30 more days of effort to complete, but very likely the confidence level will remain low, then now is the time to make decisions, not 30 days later when the effort is completed.

Your decisions also require an understanding of regulatory, jurisdiction and other third-party requirements; Business Continuity/Data Recovery capabilities; customer and product production impacts; and operational crisis communication systems.

 5. Responding

None of these phases happen independently of the other. There are some immediate response activities, but most of the major response actions occur in consultation with the prior phases. Here are a few critical response capabilities:

  • Have an agreed list of who would become incident commander, depending on the nature of the breach. The role requires an individual with comprehensive knowledge of business, customer and key system downtime impacts.
  • Have a pre-defined set of actions that an incident commander can take.
  • Harden your environment to prepare for evicting threat actors or closing down the attack surface(s).
  • Prepare your environment for eviction, such as enabling isolation for critical application(s) or system(s).
  • Know how to evict threat actors.
  • Be able to monitor your environment for new or continuous suspicious activity.

Preparing for an incident increases resiliency

Increasing your cyber resilience requires robust communication, inspecting your enterprise to ensure you have the right visibility and information needed to investigate. It requires the ability to evaluate the impact of a potential incident — and then make informed decisions quickly so you can respond appropriately. Getting it right enables your financial organisation to recover rapidly and prevent a breach from escalating into a crisis.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Accounting Automation in the Future

Source: Finance Derivative

Accounting automation is the process of streamlining repetitive tasks in financial processes. For example, some processes like invoicing are time-consuming and repetitive. Automation can reduce manual labor and save businesses both time and money. Also, it helps improve accuracy, reduces errors, and provides more accurate financial reporting.

Accounting automation in the future will be increasingly important for businesses to stay competitive. But every new change comes with both advantages and challenges. Let’s dive in to get ready for this future trend.

Potential Future Benefits of Accounting Automation

Increased Efficiency and Cost Savings

Accounting automation is a great way to increase efficiency and cost savings. For example, AI bookkeeping uses advanced algorithms to automate many accounting tasks. So, companies can track expenses, prepare financial reports, and more using AI.

It reduces the time needed for manual entry. So, businesses can spend fewer labor hours on tedious processes. They can increase efficiency by freeing up resources for more strategic work. It also helps reduce errors and inconsistencies associated with manual processes. So, the cost of compliance is lower because of greater accuracy.

Improved Accuracy and Reliability

Accounting automation can improve accuracy and reliability in accounting processes. For example, Automating bank reconciliation is less prone to errors from human mistakes or miscalculations. You can automate the process to identify discrepancies between the bank statement and accounting records. It helps to ensure that financial reports remain accurate and reliable. So businesses can take corrective action faster than processing data manually.

Streamlined Business Processes

Streamlined business processes involve eliminating unnecessary steps, reducing paperwork, and automating repetitive tasks. This allows businesses to focus on higher-value activities, such as developing new products, improving customer service, and developing strategic plans for the future.

Making a Better Decision

Accounting automation can enhance decision-making in 3 ways.

1. It enables businesses to access real-time information from multiple systems. So they can identify trends for better decision-making.
2. Automated accounting also helps with forecasting, budgeting, and auditing tasks. It enables businesses to be more proactive in their decision-making processes.
3. Also, automated accounting tools can integrate with enterprise resource planning (ERP) systems. They can manage data across the enterprise and make concise decisions that are favorable to the company as a whole.

Increase Customer Satisfaction

Accounting automation can help businesses increase customer satisfaction by streamlining their processes and providing a more efficient customer experience. For example:
4. Automated accounting systems can automate tedious manual tasks such as invoicing, data entry, and payroll processing. This allows businesses to focus on other aspects of their operations that are more important for customer service.
5. Automated accounting systems can also provide customers with more accurate and timely financial information. The information can help them make better decisions about their finances.
6. Also, accounting automation enables businesses to respond quickly to customer inquiries. It helps reduce wait times and improve the overall customer experience. So, you can build better relationships with their customers.

Improved Accessibility

Accounting automation takes place online or comes with cloud-based solutions. So, you can access your information and do your job from anywhere instead of being confined to one spot.

Challenges to Implementing Accounting Automation in the Future

Cost of Technology Infrastructure Upgrades

Automating an accounting system often requires businesses to invest in new hardware and software, such as servers and other associated equipment. These upgrades come with a hefty price tag that may be difficult for small businesses to afford.

There are also extra costs, such as installation fees, setup charges, software licensing fees, cloud storage costs, and maintenance fees.

Training Requirements for Staff Members

Accounting automation involves using advanced technology to automate certain processes. So, it creates a need for trained staff members who can handle the new technology. Training requirements vary depending on the type of software used.

Some common training includes record-keeping procedures, software applications, and troubleshooting skills.

Regulatory Compliance Issues

Accounting automation can be a time-saver, but it also requires firms to be aware of the applicable rules and regulations. Companies must ensure that their automated systems are compliant with relevant laws and regulations such as Generally Accepted Accounting Principles (GAAP), International Financial Reporting Standards (IFRS), and other applicable accounting standards.

Besides, they must also comply with legal requirements related to taxes, financial statements, and other reporting obligations.

So, businesses must consider the complexities of regulatory compliance when automating accounting.

Security and Data Protection Concerns

As businesses move their accounting processes to the cloud, they are exposed to a wide range of potential security risks. Data breaches can cause significant damage to the business’s financial and reputational integrity. Besides, the complexity of automated accounting systems can make it difficult to identify and detect suspicious activities or errors in the system.

To ensure data is kept secure, businesses must have strong measures in place to protect against unauthorized access, encryption, and regular backups of data.

Furthermore, companies must train their staff on the proper use of the system. It helps staff to know how to protect confidential information from being accessed or misused by unauthorized personnel.

Businesses may also need an experienced IT team to monitor and maintain the system to keep up with any changes or updates for optimal performance.

Final thoughts

Accounting automation has come a long way in the past few decades. It is likely to continue to advance in the future. As technology continues to evolve, more businesses will likely begin taking advantage of automation in their accounting processes. So, businesses should be aware of the potential challenges and prepare to stay competitive.

Continue Reading

Business

Three ways data can help financial organisations thrive in today’s economy

Source: Finance Derivative

By Rinesh Patel, Global Head of Financial Services, Snowflake

Financial organisations are caught in the middle of an ever-evolving landscape caused, in part, by emergent fintechs, shifting consumer expectations and increased regulatory change. Businesses are therefore turning to their data, re-imagining how they collect, process and analyse it, to drive growth and opportunity.

Despite this intention though, firms can often find themselves overwhelmed with the amount of data at their fingertips. Data tends to reside in individual departments that have no secure, efficient way of sharing it with other teams, creating silos of information. When teams need to collaborate, organisations are faced with additional costs and complexities in the movement of that data. The current infrastructure used by many financial institutions is not able to support the changing requirements of the industry, where data is the lifeblood.

Firms looking to harness their data should leave behind their outdated legacy architecture and implement an enterprise data strategy with a cloud-native platform. They can reposition themselves to accelerate time to market and value, with differentiated products and improved client offerings to gain a critical competitive advantage. Here are three ways that financial services are using better technology and enhanced data management to add business value.

Adhering to regulatory requirements

The volume of global regulations and reporting obligations has risen exponentially in the past decade, creating greater complexity and security challenges for firms capturing and processing data. Many of these regulations were taken by supervisors to ensure financial stability after the financial crisis of 2008. Regulators have greater expectations of firms with the aim of risk mitigation and transparency. With advanced technologies facilitating data capture, storage and analysis now available, supervisory bodies are also keen in part, to ask for additional disclosures because it’s now possible to demand more documentation and seek greater transparency.

The landscape of differing interpretations, overlapping regulatory requirements across asset classes and geographies and strict, even unrealistic deadlines for implementation have forced customers to take tactical quick-fix solutions, elevating operational risk and the chance of regulatory fines. Compliance departments have therefore been spending years building reporting processes, managing inconsistent data sets, maintaining ageing data stores and importantly overseeing differing levels of governance, adding more cost and complexity to the task at hand. For a large multi-segment global bank or asset manager this fragmented and manual approach to data management and analysis is not sustainable given the scale of processes and multi-geographic considerations that they have to comply with.

As regulators continue to push the long-term structural change agenda, financial services must now ready themselves to meet more robust reporting requirements to comply with the ever-changing regulatory landscape. The objective is to simplify and better manage data across teams with the governance and security provided by technological capabilities now offered through modern cloud capabilities to drive needed reporting. This will allow firms to replace old and inconsistent data with a centralised data architecture, providing a single source of truth. The time and cost reduction from data sourcing, ingestion, and the normalisation of data for analysis, can shrink to significantly streamline reporting processes.

Customer 360 experience

Consumers provide financial institutions with a vast amount of information, ranging from their banking habits to their behavioural preferences. Financial organisations have traditionally been slow to tap into the totality of this information to provide a better experience for customers.

The quest to provide greater visibility and a 360-degree view of customer behaviour is at the core of financial services organisations’ priorities. Customers want smooth, easy digital experiences that can speak to their desire for ease of use and convenience. This is seen in the ways virtual banking consumers have opted for technologies that are simple to interact with, self-directed and frictionless when it comes to carrying out digital transactions. New regulations, such as PSD2 and rules around open banking have also primed customers to expect more.

The challenge for legacy institutions is to bring the ease and usability of digital-first platforms with the sophistication of a major, global provider. Tapping into the full spectrum of data created by consumers is central to a successful transition.

Wealth advisory, investment management professionals are increasingly looking at data capabilities to support ongoing relationship management with their clients. Using data to understand customers in this way helps banks to successfully move customers up the wealth value chain. Wealth management organisations can digitise the investment process – from finding customers to managing accounts, and offering bespoke plans. Effective use of data in this sector can free up time for advisors, helping to retain key customers and charge higher commission levels thanks to a new level of personalised service.

Developing an effective ESG strategy

Environmental, social and corporate governance (ESG) considerations have grown in significance with increasing stakeholder pressures, driving a response by firms to prioritise their sustainability agenda. To understand, evaluate the problem and take action, firms need access to technology providing holistic ESG data capabilities and solutions, with performance and scale.

Financial firms are amassing large data sets from the public sector, including government reports, scientific bodies and private sector reports, to understand and address the climate challenge. Businesses are moving with urgency to acquire robust data sets, to meet ESG criteria and sustainability metrics needed to evaluate impact and make progress against their own commitments. There are several pervasive business use cases for teams experiencing ESG data challenges, including portfolio construction, financial planning and regulatory reporting that will require an effective ESG data management strategy.

Ever present challenges in the ingestion, standardisation, and sharing of ESG data will be at the forefront of every organisation – as they process the magnitude of the challenge and transform their operations to address the issue. With cloud-native solutions, firms can use ready-to-use query data across established marketplace data sets. They can then share that data across teams in a secure, governed way – with greater speed to market. Organisations can meet the need for scalable analytics, and access a data ecosystem to build their own proprietary ESG applications for different user and workflow requirements.

A business fit for the future

With data cloud solutions, businesses can effectively analyse the vast amounts of data available to them, equipping them to meet the ever-changing financial landscape. Leaving behind legacy systems will open up a multitude of opportunities and benefits that will drive business growth. This includes developing a 360 view of the customer, improved data governance and the opportunity to use data to support an effective ESG strategy. Without the ability to harness data through the cloud, companies will get left behind the competition and struggle to meet the standards that modern consumers expect.

Continue Reading

Business

Central Bank Digital Currency: What is the future of our Banking System?

Source: Finance Derivative

Dr Pooja Lekhi, Vice Chair, Department of Quantitative Studies, University Canada West

Central Bank Digital Currency (CBDC) is an electronic form of currency issued by a central government that citizens can use to make digital payments and store value. If a country issues a CBDC, its government will consider it to be legal tender, just like fiat currencies; both CBDC and physical cash would be legally acknowledged as a form of payment and act as a claim on the central bank or government.

CBDC Benefits over Fiat Currency

One of the biggest advantages of Central Bank Digital Currency is an increase in the safety and efficiency of both wholesale and retail payment systems. A central bank’s digital currency facilitates the quick settlement of retail payments andhas the potential to improve the efficiency of POS (point of sale) and P2P (peer-to-peer) payments.

In addition to domestic transactions, the current cross-border payments model depends heavily on central banks operating the real-time gross settlement (RTGS) infrastructure within which all local banks’ obligations must settle. Due to the existence of time lags in cross-border payments, participating parties are exposed to settlement and credit risk. A CBDC can eliminate counterparty credit risk, and the use of digital currencies in cross-border transactions can be cost-effective. This implies several advantages of CBDC over traditional money, including higher transaction speeds, tangible reduction of fees and automation of payment systems, and increase of their usability.

Advantages of CBDC over cryptocurrencies

The unique feature of CBDC is that it is backed by central bank deposits or a government pledge –  they offer stable value and the benefit of regulatory stability and audit transparency.

Traditional cryptocurrencies, like Bitcoin, involve complete decentralization and lack of control by any regulatory authority. CBDCs do not completely rely on decentralized technologies. They are administered by central bank agents and distributed via digital ledger technology. The technical support is carried out centrally.

Countries exploring CBDC

The People’s Bank of China is one of the first central banks to develop a CBDC. They deployed a special task force in 2014 to research and implement a digital yuan. China’s digital yuan can now be used for wealth management products and bank loans. This move by China’s central bank extends the use of digital currency beyond the purchase of consumer goods

In 2017, the world’s oldest bank, Swedish Riksbank, began its CBDC project called e-krona. In collaboration with Accenture PLC, a pilot took place between 2020 and February 2022. E-krona was launched with the purpose of offering a robust alternative in case of emergency or turmoil of private payment service providers, thereby ensuring the Swedish payment system remains stable.

The Bank of England and Bank of Canada are still investigating integrating CBDC into their financial systems.

Other countries which are in a pilot phase of a central bank digital currency include Russia, Thailand, Malaysia, South Korea, the United Arab Emirates and Saudi Arabia.

Concrete plans to launch a CBDC are recorded by the Atlantic Council tracker in Canada, Australia, Brazil and India, among others.

“Around 100 countries are exploring CBDCs at one level or another. Some researching, some testing, and a few already distributing CBDC to the public,” said Kristalina Georgieva, IMF Managing Director

Final thoughts

Introducing CBDCs worldwide has the potential to change the future of money. Firstly, it might raise crypto adoption as people will have access to the platforms to convert cryptocurrencies into legal tenders. Furthermore, countries are seeking to preserve key aspects of their traditional monetary and financial systems while experimenting with new digital forms of money to give users more convenience, safety and efficient services. As regulators and central banks take concrete steps and measures in the direction of establishing CBDCs, the world will begin to embrace digital currencies as a standard.

Continue Reading

Copyright © 2021 Futures Parity.