As a result of the Covid-19 pandemic, every sector of industry is facing a major impact. Financial Services firms in particular are being challenged to quickly adapt to an ever-changing set of realities. Whilst we endure a full or partial lockdown for many weeks to come, I wanted to share my thoughts on the issues and challenges that will be impacting many Financial Services firms, along with some ideas on how they can navigate their way through – both to keep their employees safe, but also to support the communities they are part of.
This blog is part of a series providing support to the financial services sector. Find links to the others here.
Keeping your data secure
Cyber security is a key part of your firm’s operational resiliency. In a time when organisations are stretched and uncertainty is high, vulnerabilities have the potential to surface, especially with the growth in remote working. We’ve already seen an increase in the number of malicious cyber actors looking to exploit the current Covid-19 pandemic for their own gains and for this reason both the UK’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory statement urging both organisations and individuals to be proactive in protecting themselves.
A key element to any organisation’s cyber security capability is ensuring that employees are educated and made aware of how to work – both remotely and also in an ever-changing threat landscape. Approaches that already exist around data protection, avoiding social engineering and phishing attacks should be refreshed and published to colleagues. In particular, highlighting why these approaches are now more critical than ever will ensure that users don’t fall into bad habits that could compromise the integrity of your firm’s environment.
Another area to focus on is ensuring that any technology that is deployed rapidly to ensure business continuity (be it laptops, additional VDI platforms etc) is built and secured to the normal standard within the firm. When new technology is being deployed, whether it is accelerating adoption of cloud productivity / collaboration solutions, or rolling out new builds of laptops, it is sensible to minimise any potential risk by ensuring that security is designed and built in from the start. We look in more detail about building remote connectivity solutions in our main Covid-19 support blog.
Looking more holistically, historically banks, like most enterprises, have had a defensive approach to security. They invested in deploying perimeter security (firewalls, proxy servers, intrusion prevention and detection tools), along with identifying and authenticating users who accessed the network – be it remotely via VPNs, or when connected to the network. Often the assumption was that activity within the perimeter was safe. However the perimeter is no longer as easy to secure as it once was, with an ever-increasing adoption of services provided by third parties, or hosted on the public cloud. This, coupled with the growing increase in cyber security attacks as a result of the Covid-19 pandemic, demonstrates how important it is to move beyond this approach and adopt a more modern approach to securing your enterprise.
How HPE can help
‘Zero Trust’ is an evolving approach to technology design, and is based on the mind-set of removing inherent trust from the network and systems on it; treating everything internal and external as hostile and instead working to gain confidence that you can trust it by using layers of verification.
Just like financial services firms, the healthcare industry is also a target for threat actors during the current times. HPE recently shared some ideas on how we can help the healthcare industry adopt elements of the Zero Trust approach, all of which are equally applicable to financial services. HPE’s industry-recognised Zero Trust product is the Aruba Policy Enforcement Firewall. When tied to Aruba Clearpass and Aruba Central, it provides an integrated security offering to protect against phishing attacks. There are a number of other security solutions that HPE offers, centred around three main functions: protection, detection and recovery, all covered in the linked blog above.
One area to highlight in particular in both the Zero Trust approach and also any cyber security architecture is detection. With the advent of AI technologies such as machine learning coupled with High Performance Computing, the ability to analyse vast quantities of log information is now possible in near real time. This combined capability can provide critical analytics that can help find possible attack vectors and close them before they can be exploited – whether external malware, or internal bad actors.
If you’d like any more information about building or maintaining a secure infrastructure, or adopting a Zero Trust approach, please get in touch with me.
This blog is part of a series looking at helping the financial sector during the Covid-19 pandemic. You can see our other blogs in the series here:
Chris Ibbitson
Hewlett Packard Enterprise
Chris_Ibbitson
Chris is a Chief Technologist for HPE, focused on the Financial Services industry. Before joining HPE, Chris has worked at both a Global Systems Integrator, as well as at a Global Bank in a variety of senior architectural roles.
