The financial services industry remains one of the top three sectors targeted by ransomware, according to Microsoft’s 2021 Digital Defense Report. Europe, Asia and the USA remain the most attacked regions because of the concentration of financial services industries in these areas.
“Cyberattacks are increasing in frequency and sophistication and are deliberately targeting core business systems to maximise the impact of the attack or likelihood of a ransomware payout,” says Bill Borden, corporate vice president of worldwide financial services at Microsoft. “This has been accelerated in recent years with the advent of ‘as a service’ cybercrime and digital currencies which allow an even wider range of criminal organisations around the world to monetise cybercrime – with a particular focus on key sectors like financial services and healthcare.”
What’s more, as the remote workforce has expanded the attack surface, the threat landscape has become increasingly sophisticated. “This is an area of increasing focus and is being watched closely by financial services regulators,” says Borden. “Persistent, evolving attacks are reminders that we must act decisively on all fronts in new ways to reinforce cybersecurity measures for industries and individuals.”
As financial services companies navigate the evolving threats and safeguards, they must address two competing needs. They must deliver customer experiences, with innovation and attention dedicated to meeting customers where they are. But they must also thwart cybercriminals, fraudsters and money launderers by implementing strong cybersecurity and data protection policies and practices.
It’s here that an integrated cloud platform can really deliver results. “By using a platform to manage data and security posture, financial services companies can put themselves in a stronger position to address both needs,” says Borden. “As well as facilitating better customer experiences, an integrated cloud platform can help achieve strong governance, can deliver appropriate oversight and also provides the mechanisms to tackle cyber threats.”
Microsoft and its partner community are perfectly positioned to help financial services firms in this regard. In fact, Microsoft has put security and regulatory compliance at the foundation of its cloud services, spending over $1 billion each year on cybersecurity.
“We understand that to maximise the effectiveness of security organisations, tools must be fully integrated to improve efficacy and provide end-to-end visibility,” says Borden.
Microsoft Cloud for Financial Services provides several compliance and cybersecurity capabilities through built-in tools, account protection and programmes. Built-in tools include Azure Sentinel, which supports versatile options including both hybrid and multi-cloud implementations for financial services with integrated security, identity and compliance. This allows simplified management for both virtual machines and containerised environments in both hybrid and multi-cloud environments.
Meanwhile, the solution’s Account Protection feature helps banks protect their customers’ online accounts against bot attacks, fake account creation, account takeover, and fraudulent account access.
The Compliance Manager feature helps organisations manage compliance requirements with greater ease and convenience as compliance requirements continue to expand, and most organisations are facing challenges when it comes to keeping up with increasing requirements and higher levels of scrutiny from financial services regulators.
And all this is supported by the Compliance Program for Microsoft Cloud: a dedicated team of Microsoft experts that is on hand to support an organisation’s internal and external risk, audit and compliance teams in addressing financial services regulatory compliance.
It’s these features which Borden believes makes the security and compliance solutions from Microsoft and its partners unique. “Our solutions are cloud-native and designed with security in mind from the foundation up, allowing us a wider set of controls to limit the surface areas of risk versus traditional internal bank platforms,” he says. “This allows us to conduct zero standing access – where no Microsoft personnel have access to customer data without additional approvals, which can be difficult to do in traditional systems where there is IT administrator access.”
The appeal of such solutions is clear to see – and that’s why some of the globe’s biggest financial services companies are underpinned by Microsoft technologies. Late last year, for example, US bank Wells Fargo marked the next step in its digital transformation journey with a new multi-cloud strategy, relying on Microsoft Azure to provide a trusted and secure foundation across all of its functions – and to also better manage risk.
“Wells Fargo and Microsoft have a longstanding relationship, and we are excited to build on that foundation to accelerate Wells Fargo’s digital transformation journey,” said Judson Althoff, Microsoft’s chief commercial officer, in a press release. “Microsoft Azure is empowering financial services institutions with its secure, compliant and scalable platform for industry cloud solutions needs, including for advanced and complex workloads. By standardising on the Microsoft cloud and trusting Azure as its most strategic and primary cloud platform across all lines of business, Wells Fargo will be able to advance its key business and technology transformation priorities across core areas like managing risk and control, personalised banking, and the digital branch of the future.”
Japan’s Mitsubishi UFJ Financial Group has also chosen the Microsoft Azure cloud as the common system infrastructure for its risk management, security and cost-savings benefits. Meanwhile, Swiss bank UBS is using Microsoft Azure for global scale and security, and Canadian investment bank TD Securities recently built on its Microsoft 365 Communication Compliance infrastructure with a highly secure, compliant global Microsoft Teams deployment.
Despite these success stories, Microsoft hasn’t become complacent. As the threat of cybercrime evolves in the future, the company is making concerted efforts to ensure financial services organisations are protected for the unknown.
“As remote work continues and cyberattacks increase in frequency, we can anticipate that cybercriminals will continue targeting and attacking all sectors of critical infrastructure, including healthcare and public health, information technology, financial services and energy,” Borden says. “Organisations will need to put themselves in a stronger position to address risk management and compliance challenges to successfully scale and grow. With that in mind, Microsoft has announced its commitment to quadruple its cybersecurity investment to $20 billion over the next five years.”
Microsoft has also enhanced tools and resources to address a variety of cyber threats, manage security, and enable customers to manage governance of cloud.
“Microsoft is committed to helping the industry improve time to value, reduce costs, increase agility and accelerate innovation for sustainable growth through digital transformation,” Borden concludes. “We offer cloud technology that helps organisations not only develop a comprehensive cyber-resilience strategy, but which makes preparing for a wide range of contingencies less complicated due to its scalability.”
We asked a selection of Microsoft partners about how they are leveraging Microsoft technology to ensure financial services organisations can stay compliant and secure. Below are extracts from their responses, which you can read in full from page 95 of the digital edition of the Spring 2022 issue of Technology Record.
Russ Soper, chief information officer at Finastra, said: “[Our priority] is about finding the balance between creating efficiency through streamlined operations, managing risk and compliance, and delivering innovation and better experiences that improve the day-to-day roles of our customers.”
Chris Hill, regional vice president of public cloud and strategic partners international at Barracuda Networks, said: “To ensure their data is secure from a cyber-attack, financial organisations can partner with third-party security vendors like Barracuda that can provide enhanced security yet also integrate back into the Azure fabric upon which they had planned to build their application.”
Vania Sigalas, head of strategic propositions at Experian Data Quality UK&I, said: “Experian’s data validation integration for Microsoft Dynamics 365 helps financial services organisations cost-effectively detect potential fraud when users submit applications or purchases.”
Mike Kraft, senior solutions architect at JourneyTEAM, said: “With Microsoft’s commitment to the highest levels of trust, transparency and regulatory compliance, JourneyTEAM makes every effort to protect customer data and ensure we follow Microsoft’s standards.”
Vadim Tabakman, vice president of presales at Nintex, said: “There are financial services businesses that use SQL Server in Azure as a way to store data, and Nintex Workflow Cloud orchestrates new data and the updating of that data via forms being submitted by staff or clients.”
Vamsikrishna Bhimavarapu, banking and financial services lead for Microsoft Biz Apps at Infosys, said: “Infosys has established a dedicated Financial Services Centre of Excellence on Microsoft Biz Apps to build extensive capabilities for transitioning clients through these disruptions, with solutions driven by leading-edge domain experts.”
This article was originally published in the Spring 2022 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.
Share this story