No, I don’t mean that DNA testing or biometrics necessarily have to be part of every security system, for every financial services firm out there. What I do want to explore, is how financial services firms can strategise, and embed a commitment to security into their make-up. Doing this allows organisations to plan and prepare their response to threat and compliance requirements, rather than constantly having to ‘firefight’.

After all, the emergencies and demands keep coming. In 2017, seven of the UK’s biggest banks were reported to have been hit by a cyber-attack, and there was a very substantial (80%) increase in the number of cyber-attacks reported to the Financial Conduct Authority (FCA).

With this in mind, and with malware becoming an ever-more challenging threat to financial institutions, being compliance proactive, rather than reactive, is a crucial part of bolstering security in the financial sector. The process of becoming — and staying — prepared and compliant may seem onerous before you start, but the advantages it conveys are priceless. You are rewarded with a comprehensive overview of your security systems and become vastly better placed to plug holes before criminals exploit them.

The recent move away from SSL/early TSL protocols is a good example of security and compliance requirements going hand-in-hand. Transport Layer Protocol (TLS) is a means of authenticating one or both systems when a connection is made, and of protecting the data that flows between them – for example during an online banking transaction. It was first introduced in the early 1990s, and has since been revised and upgraded many times, adapting on each occasion to address more and more of the growing horde of threats.

Now, such responses have forced development so far forward that early iterations of TLS are no longer effective, or even fixable. The new requirements therefore, assure organisations that they are using encryption that is fit for purpose, avoiding old and easily exploited provisions on their websites and maintaining customer trust in secure transactions.

Challenges ahead

Encryption is just one of the pressing issues the financial sector must address. The prevention of jackpotting is another - in addition to tackling cyber security, physical security and ongoing industry changes such as the continued rollout of polymer notes.

Planning ahead for these changes is crucial. Developing a co-ordinated roadmap which considers compliance and security together, will not only make planning more efficient but will ensure the appropriate time and resource is allocated to each project - keeping you one step ahead of the game.

For example with Microsoft ending its support for Windows 7 in less than two years’ time, many financial organisations are starting to prioritise migration plans to Windows 10. Such migrations will definitely improve security, but they are not the type of project anybody wants to take on without plenty of planning and scheduling. In fact, most financial operators are likely to need 12–15 months to implement the change - but adopting a co-ordinated approach will ensure all aspects of security and compliance are integrated into the migration journey.

Security and compliance are linked

Keeping up with changes in the compliance landscape is important – not least because criminals will generally take the path of least resistance when they break into your systems, and if your systems are slow to adapt, they will be an easy target.

Compliance and security are thus inextricably linked, and it is important to strategise your responses to this landscape ahead of time. The old adage, ‘to fail to plan is to plan to fail,’ has never been truer than it is for financial firms at the moment, and will continue to be so. Putting security processes at the very heart of your company, in its DNA — now that is the way to succeed.