You may or may not have read earlier this
week that Palantir Technologies was forced into a robust denial that its
Palantir Prism software (used for data analysis by banks and hedge funds) was
in any way related to the US government's web surveillance PRISM system.
Now to set the record straight from the
start, I’m not a conspiracy theorist and there is absolutely no suggestion that
these two software services are in any way linked, other than sharing the same
name.
But the Palantir example, particularly as it
was backed in its early stages by the CIA's In-Q-Tel venture capital arm, poses
a critical question about the safety of your institution's data: are your
systems really secure and can you do more to protect your most valuable asset,
your data?
Today’s software systems and technologies have
helped the financial services sector become more efficient, allowing operations
to become faster and more flexible. The downside is that this flexibility has
created an environment where cybercriminals are becoming a very real threat to
your business. Until last week, we all knew the government was keeping an eye
on us to some degree, but whilst unsubstantiated, it’s safe to say that we now
know that the level of intrusion into our personal and professional lives
(albeit for legitimate reasons) is on a scale otherwise unimagined.
In the same way, cyber threats are becoming
increasingly advanced, and through sheer complexity and volume have the
potential to cause serious risk for financial institutions. Only the best of
software developers can now claim to offer their clients the peace of mind that
they are ahead of the curve when it comes to understanding and mitigating these
risks.
So, where should you start in managing
software security risks? Well, for starters, understanding your financial
institution’s susceptibility to compromise is fundamental to successfully
managing your cyber-risk. As a CFO or IT Manager you are no doubt inundated
with information about new and highly complex challenges facing your systems. The
most successful companies work with their software development partner to
jointly manage these risks, because even in the highly regulated financial services
environment, being compliant doesn’t guarantee that your data is secure.
The modern financial services business must
not only be compliant but must also manage risk, security and governance in
line with key legislation such as Sarbanes-Oxley and Gramm-Leach-Bliley. This increasingly
important focus on compliance and the global context of financial services,
including outsourced/offshored business functions and increasing government
oversight, means your software development takes on a fresh perspective.
Leading software developers like Synetec
work to FSA standards and beyond, which many offshore or smaller development
houses don’t always understand or stress the importance of. Our systems include
complete enterprise-grade data security that reliably and transparently
protects your systems' data. When appointing developers, it is essential to
review their security credentials and processes for critical services like
system migration to ensure you are not being put at risk.
Whilst scare-mongering serves no purpose,
it is important that CFOs recognise that the threat to their systems is real
and poses a risk not only to the finances but also to the reputation of their
business. Bodies including the World Bank continue to warn that threats to financial
sectors remain the most omnipresent form of criminal activity across the global
electronic infrastructure.
George Toursoulopoulos is a financial technology specialist and Director at Synetec,
one of the UK’s leading providers of bespoke financial services software
solutions. George started his career with US software giant EDS, becoming the
youngest manager in the company’s history and has since gone on to lead Synetec
where he has continued to deliver world-class solutions for a number of the
UK’s most prestigious Hedge Funds and Family Offices. George is a regular
conference speaker on the implementation of technology within the financial services industry with a
particular focus on delivering ROI and improving key business drivers. George
has lectured on Microsoft development and has served as a director on numerous
company boards.