First they must focus on providing the best possible customer experience in terms of mobile and online application availability, performance and security. For NetOps and InfoSec teams, this means delivering on three core mandates.
1. Deploy additional capacity and services faster than ever
Practically overnight, NetOps and InfoSec teams must support a vastly different network landscape than before. They must ensure continuity and security while redeploying network resources to enable:
# Increased demand for mobile banking and online services. Work-from-home has made consumers and SMB customers increasingly reliant on mobile applications and online services. In response to this, financial services organisations have to quickly ramp up capacity for their existing capabilities.
# New online capabilities: At the same time, companies on a multiyear road map for digital transformation are condensing the plan to move up delivery of new capabilities within days or weeks as the situation evolves from work-from-home to return to work.
# Work-from-home: Many financial services companies closed their customer service call centres and transitioned their staff to work-from-home. Organisations that made this switch are now considering whether this will become a permanent model, and if so, what application, security and infrastructure changes are necessary to support this model.
2. Shield the company from opportunistic cyber criminals
In this time of unprecedented change, the technology that financial service organisations and their customers depend on has never been more critical or more foundational. But with the world in flux and IT spread thin, attackers are seeing new opportunities to exploit vulnerabilities and cash in on the changes being made in response to the pandemic.
KPMG warns that cyber attacks have surged and financial services “… firms will need to shore up their cyber defences…”
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) issued a joint alert with the U.K.’s National Cyber Security Centre (NCSC) on the exploitation of the current crisis by cyber criminal and advanced persistent threat (APT) groups.2
In addition to other schemes, the two agencies note that attackers have been probing for known vulnerabilities in VPN gateways and remote-access tools. “The NCSC and CISA have observed actors scanning for publicly known vulnerabilities in Citrix … and [we] continue to investigate multiple instances of this vulnerability’s exploitation.” The Citrix vulnerability (CVE-2019-19781) and its exploitation have been reported online since early January 2020.
3. Do It all while optimising costs amid spending constraints
To deliver security, agility and scalability in a rapidly shifting environment and optimise costs with an uncertain budget, NetOps and InfoSec teams need a solution that provides:
- Real-time visibility into all network traffic to understand and optimise performance and improve security
- Analytics to optimise and manage network performance to accommodate and secure increasing volumes of data and traffic
- A single pane of glass that simplifies network and security operations across physical, virtual and cloud environments
- Threat detection and response to find and remediate threats on the network faster and minimise disruption
- Automation to free up staff and allow them to do more, faster.
Industry analyst group Gartner identifies improvements in visibility and agility as one of the key benefits of what it calls NetOps 2.0, a set of principles that provide ‘new ways to operate networks’ to keep pace with digital business.
The firm recommends investing in network analytics and automation to reduce friction and improve collaboration between NetOps, InfoSec and DevOps teams, leading to the reduction of manual effort and streamlined value delivery. Adding network analytics and automation tools helps close the skills gap that exists in most organizations.
Read my company’s whitepaper ‘Guide to Zero Trust for Financial Services Organizations’ for more insight into NetOps and InfoSec challenges within financial services, and what’s needed to address those challenges.
References
Lewis, James. “COVID-19 Insights – Emerging Risks.” KPMG, April 1, 2020. https://home.kpmg/xx/en/home/insights/2020/04/covid-19-insights-emerging-risks.htm l.
‘Alert (AA20-099A): COVID-19 Exploited by Malicious Cyber Actors.’ Cybersecurity and Infrastructure Security Agency (CISA), April 8, 2020. https://www.us-cert.gov/ncas/alerts/aa20-099a.
Ganguli, Sanjit, John Chessman, and Andrew Lerner. ‘NetOps 2.0: Embrace Network Automation and Analytics to Win in the Era of ContinuousNext.’ Gartner, October 9, 2019. https://www.gartner.com/en/documents/3970170/netops-2-0-embrace-network-automation-and-analytics-to-w.