More data breaches than ever.
The risk of cyberattack on financial services firms cannot be overstated.
At US$18 million per firm, cyberattacks cost financial services firms 50 percent more than the cross-industry average. Financial services firms also fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.
Phishing attacks are on the rise. Phishing and social engineering are cyberattacks that manipulate people into giving up confidential information; they are also the most common delivery mechanisms for ransomware, or malicious software that denies access to, or threatens to publish, data unless a ransom is paid. A denial-of-service attack renders a service unusable by overloading its underlying systems.
Prioritize security as you move to the cloud.
A Gartner study estimates that more than half of all enterprises will implement a cloud strategy by 2025. But not all companies are ready or able to move to a public cloud environment. For instance, they may need to maintain data in their own data center for regulatory or latency issues. For these businesses, the traditional public cloud is not the only option.
Oracle Exadata Cloud at Customer provides a unique model that delivers the benefits of Oracle Cloud in your data center behind your own firewall, with built-in security, cloud consumption costs and capabilities, and infrastructure that is maintained by Oracle.
Among the most important benefits of Oracle Cloud is data security. Oracle Cloud operates under a shared responsibility model that builds security into every layer. All cloud solutions come with extensive, continual security measures so that you can focus on extracting value from your data rather than worrying about how to protect it. What’s more, all Oracle Cloud platforms provide the same security assurances and continued protections, so Oracle Exadata Cloud at Customer users realize the same level of security as public Oracle Cloud customers.
Regulators are watching—and so are consumers.
Given the potent mixture of valuable data, high transaction volume, and relentless, increasingly sophisticated hackers, regulators and consumers are on high alert about the vulnerability of sensitive financial information. In response to this “perfect storm,” banks and other financial institutions are taking a broader, more holistic approach to data security in the form of information governance. Financial services providers are expected to strengthen their core risk management governance, controls, practices, and reporting, particularly in the areas of cybersecurity, third-party risk management, and conduct and culture, on a continuous basis.
In a recent report, KPMG identified 10 key regulatory challenges it believes will impact the industry and the solutions financial institutions should consider:
Embed cybersecurity and data privacy compliance into enterprise risk management programs and IT decisions.
Improve risk identification, scenario analysis, business line accountability, issues management, third-party management, and reporting.
Create a framework that prevents misconduct at its root and establish strong controls encompassing continuous governance, oversight, and monitoring.
Create an integrated program that drives collaboration between compliance and the rest of the organization.
Integrate and automate financial crimes activities to facilitate data and reporting requirements and affect cost-containment measures.
Adopt innovations such as enhanced automation and regulatory technology. Establish change governance, quality testing, and capacity and skills-based changes to reduce technology-change risk.
Enhance risk management and conduct programs, improve data integrity and reporting protocols, implement effective misconduct controls, and drive greater accountability in your clients and portfolios.
Deploy enhanced technology, automation, quality checks, and reporting processes at all levels of the organization, including customers, financial activity, employee behavior, and third-party transactions.
Expect fewer capital and liquidity requirements for smaller firms and more-streamlined requirements for larger firms.
Reassess capital and staffing allocations and third-party relationships. Global regulations such as the General Data Protection Regulation (GDPR) and the Markets in Financial Instruments Directive (MiFID) II will directly impact areas of global operations, including compliance and tax functions.
Oracle Engineered Systems have security built in.
Given this all-encompassing approach to information governance, intermittent patching of poorly integrated hardware and software is no longer adequate. Oracle Engineered Systems such as Oracle Exadata and Oracle Zero Data Loss Recovery Appliance, together with Oracle Database, help you minimize security threats and downtime when applying security patches. You can patch the entire Oracle IT stack at one time, rather than patch individual systems, storage, and networking products in typical do-it-yourself environments.
Leading US$200 billion financial services company reduces patching by 95% with Oracle Exadata.
Before implementing Oracle Exadata, IT at this leading financial services company had to perform 1,392 patches per year across more than 150 systems and corresponding operating systems from five different vendors. Not only did all of this patching require resources, but a missed or misapplied patch could lead to downtime or leave security holes that could be exploited by hackers. With the consolidation made possible by Oracle Exadata, only four patches are required per year, performed by Oracle, significantly minimizing security and downtime risk.
GDPR and the future of regulation.
Europe’s recently enacted General Data Protection Regulation (GDPR) represents a broad new approach to customer privacy. GDPR currently applies to all global companies that handle European Union (EU) citizen data, but it represents a global trend. These and similar new laws will have lasting effects on the way global corporations do business. Financial firms are certainly no strangers to data security regulation—think Payment Card Industry Data Security Standard (PCI DSS)—but leveraging big data means collecting and analyzing ever-greater amounts of customer information, increasing risk commensurately.