Using regulated digital bots to reduce the need for remote workers to access and manage system data is a good start …
When the first wave of the pandemic forced widespread lockdowns last year, banks and financial institutions eventually built and set up new systems to cope with a surge in demand for their services.
Amid the speed of this transition and the necessity to innovate, there were limited opportunities for companies to consider the security impact of remote working.
In the banking industry, the challenges of the work-from-home experiment were further compounded by the fact that core banking systems were mostly not designed to be accessed by remote workers. Systems operated by business process outsourcing (BPO) providers, in particular, were likely to be protected with physical security measures. However, in a lockdown and remote working situation, these simply cannot be enforced. As a result, cyber criminals seized the opportunity to exploit these weaker safety measures.
So in 2020 the banking and finance industry was one of the top targets in the Asia Pacific region, with increases in social engineering attacks and exploits intended either to deceive bank customers into disclosing their personal information or to gain access to financial institutions.
To date, ransomware and phishing attacks remain common threats for the financial services industry, and the threat landscape continues to evolve.
How can automation help?
With the proliferation of financial data, utilizing the right tools and technologies is critical in ensuring the proper and safe transfer, processing and storage of data in line with local and global compliance regulations.
Risks related to data management and control in process tasks can be addressed by intelligent automation, which enables companies to employ digital ‘workers’ that can manage tasks either with or without the assistance of humans.
In a traditional set-up, operational teams typically choose tasks from a workflow queue requiring access to a wide range of corporate systems and data for processing. With intelligent automation, there is an opportunity to flip this approach on its head.
- Digital workers can be trained to identify tasks to send to relevant individuals along with the minimum data required.
- After the human workers have decided on next steps, they can call on a digital worker to complete the task on their behalf, without requiring remote access to multiple systems.
- By tightly controlling access to data so that only information required for each task is available, organizations can eliminate some of the fundamental risks associated with the use of remote shared services, thereby improving data security significantly.
- How the digital worker robots are configured, and how tasks are assigned, managed and approved, has to follow a strict process. One way to oversee this process is to implement centrally managed user access control. Only specific users should be authorized to build specific processes using specific objects, enabling multifactor security that mandates secondary approval for all changes.
- Another critical element in enhancing the security and compliance of a digital workforce focuses on the issue of holding any perpetrators of security breaches to account. Organizations can only ensure accountability when transactions for every single process are recorded in real time and are securely stored: this is where an audit trail provides immeasurable value.
- An automated operating system that not only systematically records 100% of the actions taken and changes made, but also centrally stores the log to eliminate any tampering with the record, can provide oversight on all activities and, at the same time, deter misuse.
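
The controls in the list above (minimum data per task, secondary approval for changes, and a record that cannot be quietly altered) can be sketched in a few lines. This is an added example, not code from the article or from any automation product; the task types, field names and the use of a SHA-256 hash chain for tamper evidence are assumptions made for illustration.

```python
import hashlib
import json

# Constructed policy (assumption): fields each task type may show a human reviewer.
TASK_FIELDS = {"address_change": {"case_id", "new_address"},
               "payment_review": {"case_id", "amount", "currency"}}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; every entry commits to the previous entry's hash."""
    def __init__(self):
        self.entries = []

    def append(self, actor, action, detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "actor": actor, "action": action,
                "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self):
        """Recompute the chain; any edited, removed or reordered entry fails."""
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True

def minimal_view(task_type, record, reviewer, log):
    """Return only the fields the task needs; unknown task types expose nothing."""
    allowed = TASK_FIELDS.get(task_type, set())
    view = {k: v for k, v in record.items() if k in allowed}
    # Log which fields were released, not their values.
    log.append("digital_worker", "dispatch",
               {"to": reviewer, "task": task_type, "fields": sorted(view)})
    return view

def approve_change(author, approver, process, log):
    """Secondary approval: a change is accepted only if someone else signs off."""
    ok = bool(approver) and approver != author
    log.append(approver or "unknown", "approve" if ok else "reject",
               {"process": process, "author": author})
    return ok
```

A chain held only on the machine that writes it can be recomputed by whoever controls that machine, so the latest hash still has to be kept in the centrally stored log the article describes.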
The increased risks arising from remote working and digital transformation in the industry have already attracted tighter regulatory requirements surrounding financial cybersecurity.
Financial institutions will need to re-examine their business processes and assess the viability of incorporating digital workers into their workforces in order to mitigate security risks.