Cyber Risk Management in Core Banking System

Cyber Risk Management in Core Banking System

Cyber Risk Management in Core Banking System

How risk-free is your financial environment?

The latent occurring of risk and its impact is reduced by Risk Management. Risk Management circumscribes the process of identification, analyzing, controlling & reviewing risks to the business. It is imperative for any business to respond to the risks and usually the response takes one of the embodiments such as Acceptance, Avoidance and Mitigation. Organizations that do not have a well-thought out Risk Management Strategy are exposed to financial & reputational losses.

Key pillars of Risk Management:

Assessment: The risks should be proactively assessed by leveraging techniques & controls like threat modeling.

Acceptance: Based on the risk-appetite of an organization informed decisions have to be made with regard to tolerance for risk exposure.

Strategy: A comprehensive strategy should be crafted for prevention & mitigation of risks.

Action: A set of suitable actions have to be performed as per the strategy.

Mitigation: Plans for responding to security breaches have to be established a priori.

The Banking sector and financial institutions are most conducive for various risks and threats. Typically, risks are from Cyber Criminals and vulnerable breaches.

A look at the magnitude of exposure in this sector: On an average, there is an attempted ransomware attack once every 11 seconds! Some of these attacks are resulting in millions of dollars of losses to the banks across the globe, every month.

Magnitude of the risk

Banks carry 91% of the Cyber risks while insurance companies carry 7%. Drilling deeper, among banks, retail banking carries 39% of the total risks and credit cards account for 25%. The associated data breaches could impose huge penalties on the institutions. For example, GDPR perpetrators could charge penalty of up to 4% of the worldwide enterprise revenue.

An Example:

One of the Big Banks in the Asia pacific wanted to reduce the overall cyber risks by having appropriate controls as part of the risk management strategy. Security experts at IGS crafted and implemented a world-class security solution encompassing threat modelling, SCA, SAST, DAST, VAPT, DevSecOps and so on. Also, they automated loan processing system end-to-end with effective security controls. This resulted in reduction of security risks by over 60% along with reduction of loan application processing time by about 75%.

Click here to learn more about IGS security services

SUBSCRIBE TO OUR NEWSLETTER

SOCIAL MEDIA

WOULD YOU LIKE TO TALK TO US ?

Don’t get bugged by testing, leave it to our experts

Don’t get bugged by testing, leave it to our experts

Don’t get bugged by testing, leave it to our experts

Client Situation

  • A multi-year half-a-billion dollar program spanning across 2 culturally different Airlines organizations, and 6 third parties including top IT institutions required a test strategy and plan that was practical to implement, easy to execute, and aligned cross functional and organizational business and technology teams.

IGS Solution

  • Using prior years of expertise, institutional knowledge, understanding of system and business constraints, IGS Leadership team in the past built a strategy and developed detail plans 6 months prior to the integration testing. Later rallied rank and file to align to the strategy and plan.
  • Setup a Test Management office to manage strategy and planning, defect management, enterprise reporting, test execution planning, environment management, and quality metrics reporting.

Result and Benefit

  • A clear cut strategy helped the business define tangible goals, participate in planning, and support testing.
  • Advanced planning of the support models helped teams ramp up or ramp down according to the plan.
  • Detailed plans tied to budgets helped improve management’s understanding of variances in schedules, cost and quality.
  • Reporting methods and Dashboards helped management make timely decisions by clearly articulating the progress, quality and schedule risks.
  • Overall Strategy was executed with less than 5 % variance.

SUBSCRIBE TO OUR NEWSLETTER

SOCIAL MEDIA

WOULD YOU LIKE TO TALK TO US ?

Testing is not just our business it’s our passion

Testing is not just our business it’s our passion

Testing is not just our business it’s our passion

Client Situation

  • Client required sophisticated reporting solution to measure quality on a $100MM+ multi-year program involving multiple external entities.
  • Several attempts to customize enterprise tools for reporting fell short.
  • Reporting required daily syncing and matching data across three systems of record.
  • Consumed by 250+ stakeholders and used in executive decision-making.

IGS Solution

  • Streamlined processes and governance.
  • Developed and implemented a custom utility to automate data extraction, cleanup, synchronization, standardization and normalization.
  • No human in the loop (robotic) utility using open source tools.
  • Established single source of truth for quality reporting.
  • Retired one defect management tool.
  • Built additional utilities to improve efficiency included: Bulk update automation, Bulk creation automation and synchronization tool.

Result and Benefit

  • Reduced costs of operation for defect management by 30%.
  • Eliminated license cost for one of the two enterprise tools for 50+ users by retiring it.
  • Low maintenance cost for new custom utility and no licensing costs.
  • Scaled reporting scope to other projects in the organization.
  • Due to the consistency and high quality of reporting, client was able to retire reports generated by other groups creating a single source of truth.

SUBSCRIBE TO OUR NEWSLETTER

SOCIAL MEDIA

WOULD YOU LIKE TO TALK TO US ?