At Equifax breach’s anniversary, most institutions still lack resilience

Register now

With the constant emergence of new technology comes new threats, savvier hackers, and other malicious elements aimed at exploiting vulnerabilities. In the finance industry specifically, fraud is becoming more prevalent.

For example, more than 145 million Americans had their social security numbers, driver's license numbers, a variety of personal financial details and more compromised by hackers through the Equifax data breach.

While nearly all banks, financial institutions and other organizations have a disaster recovery strategy in place, it’s clear that these plans are not enough to ensure these organizations remain online, regardless of what happens.
And it’s not just unanticipated breaches that are impacting customers. Anyone who is a banking customer will be familiar with their bank taking “scheduled downtime” during the evening as a routine matter. However, in a 24/7 commercial marketplace with real time digital payments and other transactions, this is becoming increasingly inconvenient for customers, and could lead to banks losing out to competitors during off-hours. Without full IT resiliency, a company cannot be considered an always-on service.

IT resilience is a way of ensuring your business offers continuous availability, while maintaining the workload mobility and multi-cloud agility which, traditionally, organizations have used during scheduled maintenance. As a result, institutions are able to withstand disruption, add in new technology as it becomes available, and work on their digital transformation without any inconvenience to customers. All in all, it offers a significant advantage – preventing any reputation damage, financial loss and customer frustration that goes hand in hand with system downtime.

There are many key elements to ensure a smooth implementation, but at the onset there are two key tenants that must be achieved. The number one priority is preventing as much downtime as possible while understanding that cyber attacks are bound to occur. With the realization, comes the understanding that having a strong recovery plan in place to get back up and running as soon as possible is invaluable. To achieve this, there simple steps financial organizations need to consider to ensure that their risk minimization strategy is as comprehensive as possible.

All channels will rely on different infrastructures, including different cloud platforms or virtual environments. These will need to be protected as part of an IT resilience strategy, which means you need a solution that can work across any number of different locations.

In addition, with the competition to deliver better services to customers, the finance industry need a solution that will leave it with the flexibility to test out new clouds, evaluate new storage vendors, or cross-replicate between virtualization platforms, which is pivotal to making informed choices that future-proof IT strategy. At the same time, overarching integration can allow institutions to move data to, from and between different infrastructures, which minimizes the impact of a specific solution provider outage.

With the recent data breaches that have occurred, there is now even more pressure to ensure compliance is in place to prevent against any misuse and breach of personal data. With this in mind, part of a financial institution’s resilient approach needs to include the ability to test across the system, without causing downtime, and ensure compliance to the full spectrum of legal requirements.

Adopting a resilient approach to IT, rather than just mitigating downtime, is critical for remaining competitive in the future financial services market. Customers will become even more demanding of always-on, innovative service delivery which ultimately relies on secure foundations, and a track record of reliability. Financial institutions need to make sure that they can prove that their services are always available, and be able to be restored easily from a single point in seconds, no matter what happens.

For reprint and licensing requests for this article, click here.
Data breaches Payment processing Security risk ISO and agent