Bank reduces vulnerability and security incidents

The act digital team established new protection procedures and strengthened the cybersecurity culture

Challenge

One of the leading financial institutions in Brazil faced difficulties in maintaining a secure and up-to-date technological environment. There was low adherence to protection practices, such as software updates, which amplified the bank’s cyber risks.

Solution

A set of specific metrics was implemented to monitor the progress of corrections, along with baselines to define strategies based on the criticality of the vulnerabilities. Additionally, there was an effort to integrate teams to strengthen the cybersecurity culture through collaboration across different areas.

Results

The solution resulted in a 30% increase in the rate of vulnerability remediation and software updates. The company managed to mitigate incidents by 30%. These results contribute to maintaining a more secure and reliable technological environment.

Cyber threats are among the main risks managed by companies, requiring a comprehensive approach that combines appropriate technological tools with the strengthening of the information security culture. Adopting effective processes to identify and remediate vulnerabilities is essential to reduce risks and prevent incidents that can compromise the integrity and reliability of systems. However, this also depends on employee awareness.

In the financial sector, cyber risk is a critical issue with the potential to compromise service availability and damage the credibility of institutions in the market. Therefore, one of the largest banks in Brazil sought the support of act digital to elevate the security level of its technological environment.

Although the group is a pioneer in digital transformation, it was found that, culturally, there was low adherence to protection practices (such as software updates). This highlighted the need for a more structured and collaborative approach.

To overcome these obstacles, act digital developed a solution that integrated specific tracking metrics for correction progress and promoted collaboration between the Information Security, Operations, and Engineering teams. The implementation of this solution increased vulnerability remediation by 30%, reducing the occurrence of incidents by the same proportion. Learn how this work was accomplished.

mercado financeiro

Client: technological and financial innovation in Brazil

Founded in the 1940s in the interior of São Paulo, the business group that hired act digital quickly grew to become one of the biggest names in the financial sector in Brazil. Besides providing high-quality services, the institution is recognized for its role in managing investments and financial resources. Its success is based on sustainable practices that balance economic growth with environmental and social responsibility.

In the 1980s, the company initiated a technological revolution in the Brazilian financial market, introducing instant operations and the first private satellite data communication network. Additionally, it was a pioneer in launching home banking services and an automated customer service system for balance inquiries.

In the 1990s, the company advanced even further by adopting technologies such as fiber optics and lasers. With all branches and self-service terminals connected online, the institution was the first in Brazil (and the fifth in the world) to offer Internet Banking to its customers.

Challenge: Increasing vulnerability remediation and software updates

The company faced difficulties in strengthening the security level in the use of digital technologies and tools. There was low adherence to software update practices and the application of security patches, essential for system protection.

Although the information security department conducted detailed analyses and identified vulnerabilities, there was a lack of collaboration with other areas to implement the necessary measures. This resulted in slow responses and increased risks of system failures or unavailability.

Expected objectives

  • Maintain an on-supported environment (technical assistance): ensure all systems are up-to-date and supported by the manufacturer, avoiding obsolescence and compatibility issues;
  • Mitigate impacts related to security vulnerabilities: reduce risks associated with security flaws, preventing potential attacks and gaps;
  • Reduce incidents in the production environment: minimize the occurrence of issues that can disrupt operations and affect productivity;
  • Manage metrics through auditable processes: establish clear and verifiable processes for continuous monitoring and evaluation of security practices;
  • Create baselines for operating systems, databases, middleware, and application servers: define security and performance standards to ensure a stable and secure environment;
  • Strengthen the protection culture: improve adherence to security best practices by integrating different areas of the company and promoting a collaborative and efficient approach.

Solution: Process review and strengthening cybersecurity culture

To address the security and update challenges, specific metrics were developed to monitor the progress of vulnerability remediation. These metrics allowed for scaling the work and tracking the progress of fixes with the engineering teams. Additionally, baselines were created to define remediation strategies based on the criticality of the vulnerabilities. Integration between the Information Security, Operations, and Engineering teams was promoted to ensure a cohesive and productive approach.

proteção

Methodologies used

  • Identification of vulnerabilities: conduct comprehensive assessments of all organizational systems and infrastructures to detect potential weaknesses.
  • Prioritization of vulnerabilities: classify identified threats based on criticality levels and security impact;
  • Mitigation action: develop an action plan focused on correcting or mitigating the most critical vulnerabilities;
  • Implementation of patches (software updates): apply security procedures as recommended by the operating system and software manufacturers;
  • Patch verification: conduct acceptance tests to ensure updates do not cause system instabilities or interfere with operations;
  • Continuous monitoring: establish a process for ongoing monitoring of vulnerabilities and patches, checking the effectiveness of fixes and identifying new threats;
  • Security audits: perform standardized and periodic procedures to ensure vulnerabilities are effectively managed and systems remain protected.

Technologies

We extract metrics and present results using software:

  • HCL BigFix (for Linux servers)
  • Microsoft SCCM (for Windows servers)
  • Power BI

Results: higher level of protection and vulnerability remediation

With the implemented actions, the institution successfully elevated the security level of its technological environment. This improvement was achieved by combining the establishment of new processes aligned with the company’s demands and the strengthening of organizational culture. The notable results include:

  • A 30% increase in vulnerability remediation in production (operational) environments;
  • A 30% reduction in the occurrence of incidents involving known vulnerability exploits;
  • Greater alignment between the information security and platform engineering teams.

How we can help your company

Corporate cybersecurity is one of the main areas of expertise at act digital, working to ensure the integrity of systems and information. These objectives are achieved through an integrated approach, combining the use of technological tools, agile methodologies, and human-centric processes—essential for ensuring adherence to solutions.

We strive to develop end-to-end secure environments, assisting companies in governance and security strategies. Understand our key areas of focus in cybersecurity:

  • Prevention and defense against attacks: we constantly monitor threats and enhance cybersecurity to prevent attacks. This involves a defensive approach, utilizing technologies to identify and fix security flaws before they can be exploited;

  • Vulnerability analysis: we take a proactive approach to seeking out vulnerabilities, identifying weak points to reinforce system security;

  • Cybersecurity management: we implement tools and processes to comprehensively manage cybersecurity, ensuring that all aspects of the infrastructure are protected;

  • Governance and compliance: we support companies in adopting information security governance practices, aligning with current standards and regulations.

To reduce vulnerabilities and information security incidents, rely on comprehensive solutions that integrate technology and processes. Talk to our specialists!

Share
Copy
Article copied

Related

See all
bank_transactions

Bank Saves at Least R$ 2.4 Million Annually with Robotic Processes

Project executed by act digital conducts migration and closure of personal accounts through automated interface

App_Pension_Fund

App Update Enhances Functionality, System, and Usability

Modernization designed by act digital to address issues and enhance features for future system integrations

quality assurance

Quality assurance enhances financial services

Quality assurance process, incorporated into the development stages, streamlined testing and improvements

Do you want to transform your company and lead the innovation process? We have the right methods, technologies, and experts to support your business

image
Contact us