Preventing cyber crime
Cybersecurity is a key concern for senior political leaders, regulators and industry professionals and is one of the biggest security threats in the Middle East. Reports last year claimed several UAE banks were hit by a coordinated cyber attack, affecting e-banking operations and websites.
The global concern
In the US, the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) have made cybersecurity a top priority for the 2016 examinations of their members’ books and records covering:
- Identification and Assessment of Cybersecurity Related Risks
- Protection of Networks and Information
- Risks Associated with Remote Access
- Vendor and Other Third Party Risks
- Detection of Unauthorised Activity
The US Commodity Futures Trading Commission (CFTC) is also weighing in as indicated by the remarks made by their Chairman, Timothy Massad: “Cybersecurity is the most important single issue facing our markets today in terms of market integrity and financial stability.”
Trend Micro predicts that criminals will use tried and tested methods, such as exploiting existing vulnerabilities in software used by victims, to hit their targets in the year ahead. More countries are taking the initiative to educate their ‘net’ citizens and are creating policies and guidelines for firms and individuals to create awareness of such crimes. In Europe the EU is putting together a Cybersecurity Directive that is supposed to apply to all business sectors. Although some of the EU regulations recently passed or currently under consultation have some cybersecurity elements, nothing has been specifically aimed at the financial services industry.
Assessing the impact
Cybersecurity directly affects clients, data, networks, hardware, software and operations and protects them from theft, business disruption and destruction, which is why a proper risk framework covering identification, protection, detection, response and recovery is needed.
Firms should also be identifying their possible risks, assessing the likelihood of the event occurring and preparing their response(s). Armed with this information, they can then determine their risk tolerance and prioritise their cybersecurity counter-measures. Impact assessments should cover:
- Governance Policies
- Business Environment
- IT Security & Firewalls
- IT & Operational Risk Management
- Data (Client, Personnel, Devices, Hardware, Systems, Facilities)
- Vendor Management
- Physical Security / Clear Desk Policy
- Employee Involvement Processes
- External Trends and Cyber-attacks
Industry best practice
The National Institute of Standards and Technology (NIST) has created a voluntary risk-based framework, comprising industry standards and best practices, for firms to use as a guide when setting up their own programme to manage their cybersecurity risks. The core framework, as mentioned above, should cover identification, protection, detection, response and recovery, which comprise the lifecycle of risk management of a cyber-breach.
- Identification: Understand the risks posed to your business across systems, assets, data and business processes. These core cyber-risks form the basis of your risk policy and focus for your efforts.
- Protection: Design and implement safeguards to protect the infrastructure of your firm and ensure continued delivery of critical services, allowing you to limit or contain the impact of a cyber-event.
- Detection: Design and implement tools and processes to identify a cyber-event promptly.
- Response: Outline your firm’s actions in response to a cyber-event.
- Recovery: Incorporation of cyber-security responses into a firm’s business continuity and/or disaster planning to ensure swift restoration of services that may have been impacted by the cyber-event. The proposed framework sets the foundation for a process to identify, assess and manage cyber- based risks and events. It should complement the processes currently in place and assist in the identification of gaps in achieving best practices, and facilitate the prioritisation of new processes and controls.
One size doesn’t fit all
A tailored approach allows each firm to fit the framework to their own risk appetite and budget on both a tactical and strategic basis, and they should leverage from their existing security plans, e.g. business continuity and disaster recovery plans, physical site security, ‘clear desk’ policies, IT security, and update them to include controls and responses to cyber-risks.
A proactive approach
Demonstrating cybersecurity readiness to regulators can be achieved through risk assessments, implementing the right tools and working with the right strategic partner who can help a business perform a risk assessment and deliver clarity, not only to the regulators, but also to the key stakeholders of its key assets, concerning current status, and gaps in its controls and processes. A baseline assessment can also then be used to evolve a working plan to mitigate the gaps and demonstrate to the regulators and stakeholders that the firm is taking its cyber risk management responsibilities extremely seriously.
Hatstand’s cybersecurity services in the US, Asia, Europe and Middle East are geared towards helping our clients’ meet the demands of their key stakeholders, including the regulators, to ensure their institution has sufficient controls and processes in place to identify, protect, detect, respond and recover from a cyber breach. Hatstand provides the value added products and services to help its clients shore up their cyber defences and governance.
Its risk assessment model addresses a firm’s cyber risk management to incorporate industry best practice. Hatstand has a proven methodology of risk assessments in practice across multiple business processes. Its cybersecurity risk assessment provides a snapshot of a firms’ risk profile as well as maturity level. From this starting point firms can then identify where they need to spend time and effort in order to increase their controls and plan for the unexpected.
Brad O’Brien is CEO at Hatstand
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome
- Finance and accounting Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT IT teams are often swamped in daily activity like on-boarding or off-boarding employees. Deploying virtual machines, provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation
- Legal There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”