Security and service assurance

Issue 3 2021 Financial (Industry)

The rise of the pandemic last year meant that corporates around the globe had to embrace a highly dispersed, virtualised environment to keep the wheels of business turning. This is now changing the way that banks need to move forward, with both their security as well as their service assurance.

So says Darren Anstee, chief technology officer for security at NETSCOUT, a global provider of service assurance, security and business analytics. He explains that, at the start of 2020, digital transformation in the financial services sector was already well underway and the intervening year has only accelerated this transformation.

Writing in a recent blog, he notes that, “The COVID-19 lockdown shut branches, forcing customers online; in fact, it is estimated that 35% of customers have increased their online banking usage during the pandemic… Customers that have grown accustomed to the speed and convenience of online banking are unlikely to revert to call centres or go back to using an agent or a branch to the same extent as they did previously.”

At the same time, banking employees who had been working on secure corporate infrastructure at banking premises became suddenly spread across thousands of far more vulnerable home office locations.

Anstee clarifies: “In the US, for example, Bank of America and Wells Fargo transitioned more than 150 000 employees – or roughly 70% of their workforce – to work from home. And in the UK, Nationwide moved 98% of its workers to work from home in the space of just five days.”

And this fact comes with a warning: “It’s unlikely that tens of thousands of workers can be redeployed within a few days without a few security issues being overlooked in the process.”

Predictably, threat actors around the globe were quick to take advantage of the sudden requirement to move employees into remote working arrangements. Distributed denial of service (DDoS) attacks crossed the 10 million mark during 2020. For the first time in history, as reported by NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), more than 10 million DDoS attacks took place in a single year, showing how much the COVID-19 pandemic had assisted the activities of threat actors.

DDoS attacks occur when threat actors try to disrupt normal traffic to the enterprise by overwhelming the target with a flood of Internet traffic, at volumes that the system cannot handle. In this way, genuine users cannot gain access.

Similar risks in Africa

Returning specifically to financial services, South Africa is internationally recognised as having a sophisticated financial services sector, which is backed by a sound regulatory and legal framework. It is also becoming a target for cybercriminals.

Risna Steenkamp, general manager: ESM Division at value-added distributor Networks Unlimited, clarifies, “As with international financial services players, key local banks in South Africa were also well on their way with their digital transformation journeys before the pandemic struck. This is outlined, for example, in information from Standard Bank in 2020[1] on steps taken to help the bank deliver a faster time-to-market on products and services, while ensuring its IT infrastructure was optimised; as well as by Absa’s digital transition, which came about as a result of its separation from Barclays from 2017 to 2020[2], and which, reports the bank, created new opportunities for Absa, particularly around the use of big data to build its customer intelligence and experience offering.


Risna Steenkamp.

“Last year, our local financial services had to make their own quick adjustments to the new world order. However, having to move swiftly to keep working during the initial hard lockdown in March 2020 did not help with an already difficult security situation.”

In 2020, Irish multinational consulting firm Accenture released a report entitled: Insight into the Cyberthreat Landscape in South Africa[3] that revealed a pronounced spike in cyber-attacks in 2019, with all sectors being hit by cybercriminals.

Steenkamp notes, “The report outlined that South Africa had the third-highest number of cybercrime victims globally for the reported period, translating into losses of around R2.2 billion in cyber-attacks. I imagine that once the data for 2020 has come in, the figures will continue to paint a dismal picture. For example, we know already that local financial services companies PPS and Momentum Metropolitan came under cyber-attacks during 2020 and 2021[4], as did consumer credit reporting company Experian[5].

“It all speaks to the imperative need for cybersecurity across all sectors and banks, with their access to critical personal information, will only survive if they are able to protect their customers’ security details while also operating top-quality customer service. This is as true whether they are interfacing with their customers in a bricks-and-mortar or a virtual scenario.”

According to Anstee, the reactive changes that took place across the globe last year have had huge implications for the financial institutions involved, both from a service assurance and a security perspective.

He explains, “The key objective of IT and business leaders now must be to ensure the reliable delivery of mission-critical business services. Financial services institutions cannot function effectively in this new normal unless their customer-facing applications and virtualised business processes can operate reliably and securely across wired and wireless environments. With cybercriminals enthusiastically exploiting pandemic vulnerabilities, the need for advanced automated DDoS technology is clear.

“Meanwhile, service assurance requirements mean that companies must test and monitor new digital transformation projects over both wired and wireless networks – during and after deployment – to assure a quality user experience. It also requires that companies establish baseline service response times for new and existing services and introduce rapid service triage to reduce the time it takes to identify and remediate any vulnerabilities. Ideally, customised analytics would provide key insights into all business-critical applications and services.”

NETSCOUT is distributed throughout Africa by Networks Unlimited.

Networks Unlimited Africa, Janco Taljaard, +27 11 202 8400, [email protected], www.networksunlimited.africa

[1] https://www.standardbank.com/sbg/standard-bank-group/whats-happening/newsroom/Standard-Bank-accelerates-digital-journey-to-enterprise-development-with-Microsoft,-SAP

[2] https://www.news24.com/fin24/companies/financial-services/absas-split-from-barclays-as-good-as-complete-20200608

[3] https://www.accenture.com/za-en/insights/security/cyberthreat-south-africa

[4] https://www.businessinsider.co.za/pps-hit-by-cyber-attack-report-2021-3

[5] https://mybroadband.co.za/news/security/365838-experian-data-breach-personal-data-of-millions-of-south-africans-found-online.html?utm_source=BusinessTech&utm_medium=SponsoredArticle&utm_term=February2021




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Challenges in SMME financing and support
News & Events Financial (Industry)
In a step towards empowering small, medium, and micro enterprises (SMMEs), a recent forum was held in KwaZulu-Natal aimed at developing and growing SMMEs through public-private collaboration.

Read more...
Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

Read more...
Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...
Protect your financial assets from unknown online threats
Products & Solutions Information Security Financial (Industry)
Malicious actors employ a myriad of sophisticated techniques, such as hacking, phishing, spamming, card theft, online fraud, vishing, and keylogging, among others, to exploit unsuspecting individuals and gain unauthorised access to their financial resources.

Read more...
Is AI the game-changer for streamlining anti-money laundering compliance?
Financial (Industry) Security Services & Risk Management
In the aftermath of South Africa's recent grey listing, companies are now confronted with the imperative to address eight identified strategic deficiencies, while simultaneously reducing their financial crime risk through anti-money laundering compliance processes.

Read more...
FutureBank and IDVerse partner to fight cybercrime
Information Security Financial (Industry)
Generative AI is breeding different fraud types, and cybercrime is predicted to become the biggest economy in the world in the next 18 months. FutureBank and IDVerse have joined forces to keep their customers safe.

Read more...
Capitec installs Speedgate turnstiles
Turnstar Systems Financial (Industry) Access Control & Identity Management Products & Solutions
Capitec’s Head office in Cape Town recently took its security measures to the next level with the installation of three Speedgate secure lanes manufactured and installed by Turnstar Systems.

Read more...
Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Read more...
Combating South African financial crime with RegTech
Financial (Industry) Security Services & Risk Management
RegTech South Africa is an emerging and dynamic industry with new regulations being consistently added and the need for compliance being more important than ever. With the recent Greylist announcement of South Africa, by FATF, compliance with international standards and regulations cannot be ignored.

Read more...
Integrating existing technology and AI
Secutel Technologies Financial (Industry) Access Control & Identity Management Products & Solutions AI & Data Analytics
Financial institutions require strict security processes governing staff and visitors (including unwanted visitors), from the perimeter, right into their campuses and buildings; however, replacing all existing security systems with new technology is not always viable.

Read more...