The launch of the bot comes amid a push across federal government to use robotic process automation to streamline agency processes. It will automate the currently manual process of paying invoices every month and updating budget lines items needed to pay invoices to customers or vendors. 

“It’s the first time we’re actually automating something through robotic process automation. So that’s what makes it so innovative for us is because the bureau doesn’t have bots right now, we were just sort of like putting our toes in that world,” Peter Sursi, head of finance modernization, accounts payable and relocation services said at the Adobe Government Forum in Washington on Tuesday. “So for us to get one on the finance side for us is pretty exciting. It’ll save us a lot of labor hours.” 

The tool would affect all 56 FBI field offices and approximately 250 task force officers that process the financial payments within those offices as well as FBI customers who get paid through the invoices which were previously manual processed and time intensive.

Sursi said the new finance bot was created in the past two months and is in final stages of testing, which has energized his team to create a longer list of FBI finance projects that could be automated and made much faster thanks to bot automation.

In March, State Department CIO Kelly Fletcher revealed that her agency had used robotic process automation to cut the processing time for its monthly financial statement from two months to two days.

Speaking at FedScoop’s ITModTalks, Fletcher said financial reporting was one of several areas where the agency is using AI to improve the efficiency of back-office operations, which has the ability to substantially improve reporting processes because of State’s federated structure and global operations.

The post FBI finance team working on first software bot appeared first on FedScoop.

Speaking to FedScoop, Brian Whittaker said the Federal Deposit Insurance Corp. (FDIC) will reorient itself to become better prepared internally to supervise fintech companies, and other new tech entities in the financial services sector. The comments from the recently installed technology leader come as the agency moves ahead with the relaunch of its innovation lab.

“We now have less of an outward focus on policy and instead more about how do we modernize the FDIC to be prepared to receive crypto currency and adopt new technologies. We want to be familiar with the technologies so we’re not caught on the back foot when crypto and others hit in a bigger fashion,” Whittaker said during a Nava Public Benefit Corporation event on Thursday.

“Now our focus is on how do we improve CIOs capacity to deliver for business units. How do we test out blockchain ledger technology. How do we make sure FDIC is prepared for the direction that fintechs are going in financial services?” Whittaker added.

Whittaker, who is the former acting executive director of 18F, the digital services consulting group situated within the General Services Administration, took over as FDIC’s chief innovation officer in March.

Whittaker’s predecessor at the agency, Sultan Meghji resigned from the post earlier this year and dismissed the FDIC as “hesitant and hostile” to technological change in a blistering op-ed published by Bloomberg News in February.

According to Meghji, he received resistance from staff in response to basic modernization efforts such as ending the use of fax machines and physical mail. In the op-ed, Meghji also criticized the knowledge and open-mindedness of staff.

Whittaker added that he plans to take his time getting to know and gain the trust of staff within the agency before pushing for change in areas like robotic process automation (RPA) in order to increase capacity from manual processes. 

The post FDIC prioritizing internal modernization says acting chief innovation officer  appeared first on FedScoop.

Since the outset of the COVID-19 pandemic, financial institutions have launched a wave of cloud-based initiatives to support employees with remote access. But in addition to that, the way customers interact with institutions is driving those organizations to push forward digitization initiatives for “banking anywhere, mobile everywhere” that allowed them to engage with and maintain their customer-base during the pandemic

John Checco, Resident CISO, Financial Services, Proofpoint

Due to the growing need to support a variety of remote users, maintain business resiliency and align with federal compliance, financial institution leaders and regulators must also contend with heightened security risks that may occur with these quick changes. In some cases, organizations that eased up on rigid security protocols to accommodate shifts in user demands may find themselves unprepared to ensure they are building resiliency against both internal and external security threats.

Security blind spots across finance networks

Cyberthreat actors are quickly adopting techniques, tools and procedures to exploit security blind spots that have resulted from expanding capabilities in the cloud, creating new avenues to infiltrate organization networks that financial organizations share to conduct daily business. Since 2020, Proofpoint has seen a significant jump in the number of cyberthreat actors targeting the networks we monitor, especially via cloud and supply chain vulnerabilities.

Some of these risks are exacerbated by the reliance on legacy transaction systems which continue to be used even though they are fragile systems with limited support and migration to the cloud may be infeasible. Due to their aging architectures, the security controls in many of these systems were often added over time and not designed to interact with today’s more modern systems — leaving them more vulnerable to financial fraud and insider threats. Additionally, we are seeing more sophisticated attacks leveraging socially engineered email tactics or credential dumps from prior hacks that leave employees susceptible to account takeover attempts.

The financial services (FinServ) sector is particularly unique because institutions make up a broad range of financial activities such as banking, investing and insurance that relies on an interconnected network of underlying service providers, including an institutions’ own competitors. As such, hackers have more opportunities to insert themselves in the middle of financial transactions and infiltrate a broader network of finance operations.

Security blind spots inside the network

Those concerns — and the risk of insider threats — have grown larger and more acute with the dramatic expansion of remote workers. Those could either be negligent users who may mistakenly violate policies while trying to perform their job remotely, or malicious users who wish to profit from or harm the organization. 

Finance regulatory agencies will need to play a significant role in how the FinServ sector adapts to new workforce requirements because certain compliance regulations were established based on the assumption that in an office setting there are certain physical and logistical separations. 

While easing regulations during the pandemic allows institutions to continue operating, this unintentionally causes larger issues with security and compliance. As a result, new solutions are needed to help institutions ensure their employees continue to meet compliance standards. For example, during Y2K we saw how easements were lifted to allow organizations deal with that challenge. But what regulators and institutions discovered later was more widespread cases of non-malicious collusion amongst firms.

By working to set new compliance standards around zero-trust security practices, the finance sector can implement a series of tools and policies that help mitigate risks across the network. 

For example, establishing multi-factor, risk-based authentication and conditional access across the enterprise can be paired with other tools that isolate internal-facing browsers to limit data leakage, similar to tools that isolate external facing browsers. And today, modern insider threat management solutions can look at user behavior analysis and anomaly detection go beyond basic triggers such as bandwidth usage and login attempts, to include more advanced detection capabilities which indicate when a security threat needs to be investigated. 

Adopting a data-informed people-centric security approach

Cybercriminals are getting more organized and sharing information obtained from multiple breaches and known visibility gaps. Consequently, the FinServ sector needs to improve its information sharing practices. While the federal government has been supporting strong collaboration practices across the sector since 2018 under the Analysis and Resiliency Center (ARC), the exponential rate that threat actors are working to compromise networks requires a stronger response from both federal regulators and the industry.

At Proofpoint, we believe that taking a people-centric approach to security can better equip organization leaders with insights on both the cyber attacker and the profile types of employees who are being targeted. This risk-based approach allows for targeted security spending where it makes the most sense.

We work with a global network of customers every day to detect and block advanced threats, leveraging over 8,000 gateways across both public and private organizations to gather information on which entities within a specific sector are being targeted and creating contextual security awareness for our customers.

Our ability to share security data behind the scenes, not only give organizations a better chance to extend the visibility of their cyber risk but also to get ahead of, or predict, future threats. 

And we can strengthen the security posture of our clients with a variety of other security tools. For example, domain-based message authentication, reporting and conformance (DMARC) solutions allow organizations to identify the email domains from their trusted suppliers and set policies for incoming emails that block traffic from senders that don’t have an approved IP address or bear the right cryptographic signature. Organizations can also manage access internally with tools like Nexus People Risk Explorer alerts security teams when employees may have too much access or are currently being targeted. 

Finally, my biggest recommendation to FinServ sector leaders and regulators leaders is to just take a moment and breath. The pandemic has brought about a lot of challenges that are both in our control and outside our control. But as long as we continue to work openly and collaborate across the industry, the finance sector will be able to come out stronger in the end.

Learn more about how Proofpoint can help protect federal agencies, and their people, against malicious attackers.

The post How finance regulatory agencies can help the sector mitigate security risks appeared first on FedScoop.