Financial Services

Edge computing brings processing closer to the data source. For financial services, this means processing transactions, analysing risk, and detecting fraud at the network edge — closer to customers, exchanges, and data sources — rather than in a centralised cloud data centre. Edge computing is not new. Trading firms have colocated with exchanges for decades to minimise latency. But the cloud providers’ edge offerings — AWS Wavelength, GCP Distributed Cloud, Azure Edge Zones — have made edge computing accessible to a broader range of financial services firms. ...

Multi-cloud is the most overused and misunderstood term in financial services technology. Most banks that claim to be “multi-cloud” are actually running primary workloads on one cloud provider with a secondary provider for disaster recovery. True multi-cloud — running production workloads across multiple cloud providers simultaneously — is rare because it is difficult, expensive, and often unnecessary. But for some financial services use cases, multi-cloud is not a buzzword — it is a regulatory requirement or a business necessity. The key is knowing when multi-cloud makes sense and when it is just adding complexity. ...

The Russian invasion of Ukraine on February 24, 2022, was the first major conflict with significant cyber dimensions. Ukrainian banks, government agencies, and critical infrastructure were targeted with DDoS attacks and destructive malware before and during the invasion. Financial services firms worldwide were put on high alert. Geopolitical conflict creates unique cybersecurity challenges for financial services: increased threat activity, state-sponsored attackers targeting financial infrastructure, and the risk of collateral damage from cyber weapons. Financial institutions must prepare for these threats before conflict begins, not during. ...

Your software is only as secure as the weakest dependency in your supply chain. The SolarWinds attack (December 2020) compromised 18,000 organisations through a single compromised software update. The Kaseya attack (July 2021) compromised 1,500 businesses through a managed service provider’s remote management tool. Financial services firms are high-value targets for supply chain attacks because they use the same software as every other organisation — but they hold more valuable data. A compromised dependency in a banking application is more valuable to an attacker than the same dependency in a startup’s application. ...

On May 7, 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down after a ransomware attack. The attack disrupted fuel supply across the eastern seaboard and cost the company $4.4 million in ransom. The cause was a single compromised VPN password. Financial services firms are higher-value targets than pipelines. A successful ransomware attack on a bank could disrupt payment processing, freeze trading systems, and compromise customer data. The Colonial Pipeline attack is a case study in what happens when cyber resilience is treated as a compliance checkbox rather than an operational capability. ...