7 Best Practices Firms Should Adopt to Ensure Secure Messaging (Video Edition)


Recent headlines have highlighted a number of serious, high-profile security breaches at banks, regulatory and government institutions. This news has prompted a wider conversation within the financial services industry about the ongoing threats posed by cyber attacks and the prolific use of unauthorized off-channel communications technology.

Symphony’s leadership team has shared its expertise on the impact on the industry and offers valuable insights into how firms can collectively respond to information security threats. Here are 7 key insights from these conversations:

1. Choose software users actually want to use

“They’ve chosen to use a forked version… because it’s more convenient”


Software design significantly impacts user security choices, as Symphony’s CISO, Mitch Hibbs, points out. Users, even those with access to secure systems, may opt for less secure but more convenient messaging apps. This highlights how ease of use can outweigh security concerns, as seen in cases involving government officials. Product designers, therefore, have a critical role in creating software that is both secure and user-friendly.

2. Move beyond email for security

“Once an email is out, it’s gone… You totally lose control over it”.


CIO Dietmar Fauser emphasizes the security risks of relying on email for communication. Despite its prevalence, email’s outdated encryption renders it vulnerable to interception, making it an insecure channel for exchanging information with customers. This vulnerability is heightened by the ease with which email addresses can be spoofed, often leading to misdirected messages. Consequently, email falls short in providing adequate protection against data breaches, scams, and unauthorized third-party access, and it lacks end-to-end encryption.

3. Never use forked versions of consumer applications

“Symphony does not, has not, and will not rely on unsanctioned cracked or forked versions of other companies’ products”.


CPO Mike Lynch strongly advises against the unauthorized and unsupported practice of forking or cloning consumer applications. Platforms targeted by these clones do not endorse such actions, highlighting significant weaknesses in their security protocols. Unsuspecting users risk data compromise through these illegitimate applications.

4. Embrace customer collaboration with security

“The largest institutions – we’ve spent multiple months with their security teams”


Mitch Hibbs, CISO, details how working with our customers’ security teams has allowed Symphony and its customers to develop a better understanding of their complex security needs. This collaborative approach to information security enables both parties to improve collectively, strengthening security resilience in a mutually beneficial partnership.

5. Ensure customer data protection is paramount

“When we see products in the market that fundamentally don’t protect your data or your customer’s data – It’s a problem”.


Mike Lynch, CPO, states that communication data is amongst the most sensitive data that our customers maintain. Symphony works tirelessly to ensure that our platform and architecture protect the data at your own firm as well as the most sensitive data, your customer’s data.

Symphony is fully committed to the Digital Operational Resilience Act (DORA) and similar obligations enforced by regulators globally, which require technology serving financial institutions to comply with rigorous technical, reporting and governance standards to maintain cyber resilience.

6. Secure off-channel communications

“The financial industry… want to use a communication mechanism like WeChat or WhatsApp”.


Mitch Hibbs, CISO, discusses meeting the financial industry’s preference for WhatsApp. Financial professionals continue to show a stubborn preference for communicating over WhatsApp, despite regulators enforcing over $3B in fines for poor “off-channel” messaging compliance.

While Symphony sees the widespread adoption of such off-channel communication tools, we also recognize our customers’ need to adhere to compliance and security requirements mandated by regulators.

7. Choose solutions designed for regulatory compliance

“A lot of the solutions that were originally put in place were Band-Aids”.


Mike Lynch, CPO, describes the recent rush of firms looking for compliant communication solutions, driven by the potential for fines for non-compliance. As the market increasingly sees the growth of off-channel communications in the financial services industry, enormous scrutiny is also being placed on providers that are too quick to market with flimsy, poorly architected solutions that open firms up to security and other risks.

Since Symphony’s inception, our solutions have been built with uncompromising security and compliance capabilities, tailored to the stringent requirements of the highly regulated financial sector. Symphony is a member of the Meta Business Partner program, and its Federation product enables secure and compliance-enabling communication over WhatsApp.

Read about Symphony’s comprehensive approach to security and multi-channel communication here.