Providing leaders the information they need as their institutions do MORE
People Continue to be the Most Important IT Resource
The battle for tech talent continues. While postings for technical positions declined in November, there is still more hiring than layoffs, with the unemployment rate for technology jobs dropping to 2%, down from 2.2% in October. [1]
We are Seeing Inflation – Résumé Inflation
With the strong demand for technical staff, there is also a significant increase in technical applicants "inflating" their job skills to advance their career ladder with a new employer. While financial institutions are experienced at hiring lenders, it's difficult for leaders in financial services to identify skill inflation that may be present with technical applicants.
OCC and FDIC Continue Focus on Technology Risk
While interest rate risk and credit quality are starting to return as risks regulators are watching for, technology risk continues to be a focus. Why? Regulators see trends that individual financial institutions (FIs) don't see. They have insight into cyber-security events occurring at FI and FI vendors across the nation and are concerned about what they see.
The OCC recently commented on an elevated level of Operational risk. Numerous risks were named, including an increase in the sophistication of cyber-attacks, an upward trend in ransomware attacks, and demand for specialized technical staff. Noteworthy was the comment that "Operational risk is often a lagging indicator, and some of the risk exposure may manifest in the coming quarters. It is important for the industry to remain vigilant and fully assess its risk exposure." [2]
FDIC Chairman Gruenberg commented before the Senate Banking Committee that evaluating cybersecurity practices continues to be a high-priority focus of the FDIC's supervision program. He further commented that the FDIC recently examined ransomware attacks against FDIC-supervised institutions, and their service providers, commenting, "examination of ransomware attacks suggests significant vulnerabilities exist." [3]
Attacks can be Defended Against, and Regulators will Look for Controls that Do Exactly That.
Chairman Gruenberg commented that examinations found institutions that dedicate resources to implementing appropriate controls can effectively defend against cyber-attacks. He also stated that the FDIC is piloting technical examination aids that will help examiners focus on the controls found to be most effective in defending against attacks. Where controls are found to be missing, a bank or service provider's response could make a big difference.
When a Cloud Vendor says they are "Globally Redundant" as Bankers, We hear "Globally Unsecure"
Large, public cloud providers have a global presence. That also means heightened global security risks. An industry-specific cloud provider will better understand the security risks of a specific industry being served and therefore be better able to address those risks.
Industry-Specific Cloud Computing – More Capabilities and Better Outcomes
A motel chain's technology and support needs are different than what a financial institution needs. Industry-specific clouds (such as BankOnIT's Bankers Private Cloud) provide support and service tailored to the industry's needs. Industry-specific cloud providers are also familiar with the various software vendors serving a specific industry and can leverage knowledge about vendors across a large number of client installations, providing them better results for their technology dollar.
Cloud Vendors and Regulators
Banking-specific vendors are also experienced at meeting bank regulatory compliance requirements, with audits and exams by Federal banking regulators. Vendors that support a multitude of industries typically are not examined, lacking the regulatory knowledge banks need. When regulators from the Federal Reserve asked for information from a large public cloud provider, they balked and had previously lobbied against increased cybersecurity standards, arguing that they "simply sell a system and turn over the job of running and securing it to their clients" according to this article in the Wall Street Journal.
Fast Facts
- Ransomware is growing exponentially, with this year's increase as significant as the increase in the last five years combined. [4]
- 80% of threat actors are from external sources.
- 96% of external threat actors' motive is financial or personal gain.
- The attacker accomplishes over 75% of cyber security breaches in three or fewer steps.
Why? More steps take more time and resources, increasing the risk of discovery. Like any well-run business, the attackers want to be as efficient as possible and focus on those targets where access can be gained in as few steps as possible. One of our goals is to lengthen the attack path to make us, and you, an undesirable target.
Your Vendor Made Their Move. Now Make Yours.
A significant number of Managed Service Providers (MSPs, or network technology support firms) have sold in roll-ups to private equity-backed MSPs. One reason might be these firms are trying to gain scale to sell to a larger firm or to take the firm public. Will longer-term employees at your MSP stick around after the sale? Will customer service levels change? Let us know what your institution is experiencing.
We want to hear your thoughts and welcome your questions. Reach us at solutions@bankonitusa.com.
[1] CompTIA Tech Jobs Report | Monthly Jobs Report Analysis
[2] OCC Reports on Key Risks Facing Federal Banking System | OCC
[3] FDIC: Speeches & Testimony - 11/15/2022 - Remarks by FDIC Acting Chairman Martin J. Gruenberg before the Senate Banking Committee on Oversight of Financial Regulators: A Strong Banking System for Main Street
[4] Business Cybersecurity Tips & Resources | Verizon
Submit your comment
Upon completion you will be automatically redirected to the electronic Authorized Resellers Agreement.