The Genie Is Out of the Bottle: Business Continuity in a Locked-Down World

At the start of 2020, when the word corona was associated primarily with astronomy or alcoholic beverages, digital transformation within the financial services sector was already well underway—driven by, among other things, the need for mobile app provision, the rise of open banking, and the move to hybrid cloud infrastructures. The intervening year has only accelerated this transformation.

The COVID-19 lockdown shut branches, forcing customers online; in fact, it is estimated that 35 percent of customers have increased their online banking usage during the pandemic. It also created huge obstacles in the daily commute, causing a massive and unprecedented shift to remote work across entire banking staffs. In the U.S., for example, Bank of America and Wells Fargo transitioned more than 150,000 employees—or roughly 70 percent of their workforce—to work from home. And in the U.K., Nationwide moved 98 percent of its workers to work from home in the space of just five days.

 This is not merely a blip, but rather signs of a permanent change. Customers that have grown accustomed to the speed and convenience of online banking are unlikely to revert to call centers or go back to using an agent or a branch to the same extent as they did previously. And remote work will become far more prevalent. For example, Rabobank, the second-largest Dutch lender, expects employees to work from home 40 percent to 50 percent of the time, while Nationwide has committed to making its telework changes permanent.

Business Continuity in the New Normal

These changes have massive implications for the financial institutions undergoing them, both from a service assurance and a security perspective.

In the digital world, customer experience is just as important a differentiator as product or price. Any service disruptions will have a massive impact on customer (dis)loyalty. Moreover, employees are disproportionately dependent on online systems. Any problems with the corporate VPN, for example, will bring the entire business grinding to a halt. With stakes that high, it is not surprising to find that companies such as Standard Chartered have increased VPN capacity by 600 percent over the last year.

This move to a highly dispersed, virtualized environment is a dream scenario for bad actors. Employees that were working on secure corporate infrastructures in a small number of banking premises are now spread across thousands of much- more-vulnerable home office locations. And given the pace with which these new services were put online, many will be “best effort” rather than best; even with the most robust business continuity planning in place, it’s unlikely that tens of thousands of workers can be redeployed within a few days without a few security issues being overlooked in the process.

Reinventing Security and Service Assurance for the Digital Era

The key objective of IT and business leaders now must be to ensure the reliable delivery of mission-critical business services. Financial services institutions cannot function effectively in this new normal unless their customer-facing applications and virtualized business processes can operate reliably and securely across wired and wireless environments—a challenge that the wholesale move to hybrid cloud infrastructures only makes more complex. This continuity mandate has implications for both security and service assurance teams.

For the first time in history, the annual number of observed distributed denial-of-service (DDoS) attacks crossed the 10 million threshold, with NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) seeing 10,089,687 attacks over the course of 2020. That’s nearly 1.6 million more attacks than 2019’s count of 8.5 million.

Monthly DDoS attacks regularly exceeded 800,000 starting in March, as the pandemic lockdown took effect. Indeed, as noted in the NETSCOUT Threat Intelligence Report 1H 2020, cybercriminals launched 929,000 DDoS attacks in Ma, which constitutes the single largest number of monthly attacks we’ve ever seen.

With cybercriminals enthusiastically exploiting pandemic vulnerabilities, the need for advanced automated DDoS technology is clear.

Meanwhile, service assurance requirements mean that companies must test and monitor new digital transformation projects over both wired and wireless networks—during and after deployment—to assure a quality user experience. It also requires that companies establish baseline service response times for new and existing services and introduce rapid service triage to reduce the time it takes to identify and remediate any vulnerabilities. Ideally, customized analytics would provide key insights into all business-critical applications and services.

This sounds like an unreachable nirvana, but it can be achieved by ensuring collaboration within IT teams and between those teams and the wider business, and by establishing clear lines of responsibility to avoid finger-pointing between project stakeholders and vendors.

The Network Is the Business

We are only beginning to understand what the post-COVID business landscape will look like, but we can be sure that it will be fundamentally different from its earlier incarnation. When it comes to the growth of online services and remote work, the genie is out of the bottle. More than ever, the distributed network will be the backbone of business service delivery in the financial services sector, and we must ensure it is more secure and performant than ever before.

Learn more about service assurance and security for the digital era.