
DTCC: Top 3 cybersecurity gaps in financial services

Biometrics, Breach, Brexit, COVID-19, Cybercriminals, DTCC, Fraud Management, Incident Reporting, Security Audit, Supply Chain

October 29, 2020


By Jason Harrell, Executive Director, Technology Risk Management, Head of Business and Government Cybersecurity Partnerships at DTCC


2020 has been filled with many significant events. Brexit, the upcoming US elections, and the ongoing COVID-19 pandemic have dominated headlines and have driven market behaviour. The financial sector closely monitors these current events with a focus on continually enhancing its ability to be resilient to the increased and ongoing cyber activity that often results from them.

Resilience, or the ability to prevent, adapt, respond to and recover from events that affect a firm’s operations, requires a comprehensive strategy. As a result, market participants, working alongside supervisory authorities, vendors and their peers, must consider how they can continue to bolster the preparedness and response of the collective global financial system in the face of disruptive events.

This ongoing assessment has revealed three areas that can continue to be improved: workforce displacement, third-party/supply chain risk, and incident reporting.

Workforce displacement
The coronavirus pandemic shifted the workforce from largely centralized office locations to countless home networks. This sudden shift has increased the pressures on millions of families to adjust to a new work-life approach. For financial institutions, this displacement created a greater reliance on their employees to protect their home networks from compromise, while increasing vigilance around the current safeguards to protect the organization from this new threat vector. For individuals, the shift from office to home can potentially lower an employee’s focus and ability to identify phishing and business email compromise attacks. Cybercriminals have sought to capitalize on this area with numerous attempts to lure individuals to click on malicious links related to the pandemic. COVID-19 heat maps, information sites, donations, and other emails are constantly being used to entice individuals. Financial institutions must continue to be vigilant in providing their workforce with the tools and information needed to fully understand these attacks and protect themselves, their home networks and ultimately their organization from compromise.

Third-party/supply chain
Firms are increasingly leveraging third-party providers to accelerate innovation and reduce costs by outsourcing operational services. While this approach has advantages, it is important that financial institutions understand the operational impacts of a third-party supply chain disruption during times of stress or volatility. This presents a strategic challenge, as it can be difficult for firms to fully understand the resilience capabilities of third-party vendors. These third parties may also use vendors and other service providers, which makes it harder for financial institutions to understand the complexity of their supply chain. An expanded supply chain also increases the surface area for potential threat actors to disrupt a firm’s activities and overall financial market stability.

While industry discussions around third-party risk and resilience are ongoing, two clear themes are emerging. One, third-party risk is a growing area of interest among global supervisors looking to ensure their regulated entities have business models and operating structures in place that manage these potential risk exposures. Two, there is a shared responsibility between financial institutions, supervisory authorities, and critical service providers to affirm sector resilience from third-party service disruptions and address any cybersecurity gaps that may be created by expanding supply chains.

Incident reporting
Financial institutions that provide multiple financial products or operate in several jurisdictions may be subject to examination by numerous supervisory authorities. These same authorities must be notified of material operational events that impact the delivery of financial services to the market. These notifications may differ in the amount of time given to report an incident, the information required in the notification, and how the reports are submitted (e.g., email, web form). These differences make it challenging to comply with regulatory obligations while simultaneously managing the resources necessary to effectively respond to an incident. Therefore, any opportunity to better align incident reporting across regulatory authorities and reduce the resources required to report an incident could increase the resilience of the financial sector and should be considered. Harmonization around incident reporting may also provide greater insights into operational incidents across the financial services sector, which could be used by financial institutions to focus on potential weaknesses or changes in the threat landscape.

Cybersecurity has consistently claimed the top spot on DTCC’s annual Risk Forecast since the survey launched in 2013. The survey that will inform the 2021 forecast is currently underway, and while the pandemic and geopolitical factors are likely to rank high on the list, it is expected that cybersecurity will remain a chief concern and a continued threat to resiliency. By working to better address areas such as workforce displacement, third-party/supply chain risk, and incident reporting, institutions can help to ensure the resilience of an increasingly digitized and interconnected financial services industry, while cultivating trust that the markets will continue to operate smoothly.

