Competition in the Financial Services and Insurance (FSI) sector has never been as diverse and unrelenting as it is today. Neither have the ever-present threats of cyberattacks, the ubiquitous power of industry regulators, and the subsequent requirements of compliance.
Right in the very epicenter of these multiple intertwined pressures is where your data sits. For any organization, your role is not just to make sure it sits comfortably and safely, but also that it proves its value.
- …of the Competition: The value of data is what keeps you ahead of the competition, by enabling you to gain a complete view of customer behaviors and a powerful basis for predictive analytics to anticipate customer needs and innovative services to enhance the customer experience.
- …of Compliance Requirements: With solid Data Governance principles and solutions in place, your data will keep you ahead of the regulators, by enabling you to spot and rectify non-compliance issues (relating, for example, to GDPR) before they do. You can explore the right way and understand the wrong way to implement sound Data Governance here.
- …of the Ever-Present Threat of a Data Breach: Whilst not a cybersecurity technique in its own right, Data Governance is the essential component of security, without which any cybersecurity posture runs the risk of being piecemeal. It will be potentially as weak in parts of your data and IT estate as it is strong in others. When this happens, hackers will jump in, since there are few characteristics they like better in a system than lack of resistance in an organization's approach to its data.
The Hacker Mentality
So, you work for a financial institution, but what if you didn’t? Imagine that you woke up this morning and you were a hacker, of the cybercrime genre; unless, of course, you are one.
One of two recurring objectives would characterize your day. You either want to create turmoil, for reasons best known to yourself, or you want to make money in a way that even you would have to admit is fraudulent or illegal. The hunting ground for your cyberattacks is most, if not all, of the digital world.
Motivations aside, where will you look for your likeliest victim? If it’s money you’re after, then you’ll probably start poking around the FSI sector. From your potential candidates, you’ll then look for the path of least resistance.
Finding who to attack may take a bit of probing, but won’t be overly time-consuming, since you’ll be looking for companies whose defenses are lapse or non-existent, with rickety authentication procedures, weak passwords, out-of-date software, and other half-open doors.
As you start your day as a hacker, you’ll be delighted to hear that you’re not a lone wolf: “Cyber-attacks against major financial institutions have grown significantly in recent years. An analysis in 2015 found that financial organizations were targeted four times more than other industries. Only four years later, financial firms experienced as many as 300 times more cyber-attacks than other companies”. [Forbes]
Enough with the imagined scenario; now let’s look at what the reality of all this is given that you actually really do work for a financial institution…
Finance is Technology is Finance
Every financial institution is a technology company. In its rawest manifestation, any finance or insurance business rests on two pillars: money and technology. You cannot have one without the other; apart from in that long ago time when technology was no more than the stuff of sci-fi novels.
In today’s digital world money management and technology have merged. Once you accept that such statements are true–even though you may be sitting in the offices of a long-standing traditional financial institution where legacy systems clunker on–it follows that your technology needs to be cutting edge. Only when it is will you lose your appeal to hackers as they ponder, over their first coffee of the day, who the weakest in the financial sector herd might be.
The Best Data Defense Strategy
Unless hackers have your organization in their sights as part of a deliberate strategy to harm your organization, and yours alone, they tend not to waste time trying to work out problems.
What hackers crave is data.
It’s their commodity.
Once they have it, the money flows,
or the havoc is unleashed.
If they encounter seemingly impenetrable barriers to entry into your systems they’ll simply move on to the next company. This is important from a security point of view–your organization has to be single-minded about becoming a problem to hackers. If it isn’t, then the converse is automatically true–you become an opportunity.
A definition of Data Governance offered by Google Cloud runs like this: “Data governance is everything you do to ensure data is secure, private, accurate, available, and usable. It includes the actions people must take, the processes they must follow, and the technology that supports them throughout the data life cycle”. All that is missing from that statement is that Data Governance has to evolve as technology accelerates and hackers become increasingly adept at what they do.
Hackers can crack passwords through phishing, social engineering, malware, brute force attacks and at least eight other techniques. If one doesn't work, they may try another. Once again, when they’ve tried quite a few they will lose interest because time is money.
Protect Your Data, Your Time and Everybody’s Money
If you have absolutely no thoughts in your mind at all that your Data Governance could not possibly be any better, then all is well. Just one sneaking suspicion that perhaps some recent staff are not yet briefed on password protocols, or compliance, use of their own unauthorized devices for company purposes, or opening personal emails at work without due diligence; if your data estate is awash with unstructured data, out-of-compliance, or duplicated or dark data; if you are not 100 percent sure that you know what and where all your data is, all the systems you have, and what business needs they support…any of those nagging issues or more, your approach to Data Governance needs an overhaul.
If you feel your organization still inclines a little towards the traditional rather than being obsessed by the digital way of doing things, your data Governance needs an overhaul.
Digital Transformation continues to move traditional FSI firms outside their comfort zones, while being the birthplace and natural habitat of Fintechs and challenger banks, both largely digital-only and unencumbered by having to juggle legacy and new technologies and systems.
While the digital-only delivery model is attractive to digital-savvy customers, it’s not just the tech turbo-charging aspect that attracts customers. It’s that these banks deliver great customer experiences. They only do that by being on top of data and predictive analytics. And they only do that by being focussed on innovation and not hand-tied by housekeeping.
NowPrivacy helps financial businesses to protect their data. We then help them unlock its power through robust Data Governance that tracks data access and security on whatever journey it takes between users, locations, teams, holdings, and partner organizations. Take greater control of Data Governance overall with an overhaul. Contact us today for a proof-of-concept or demo.