August 15, 2018 | Written by: Matthew Konwiser
If you managed a restaurant, would you eat there if you knew the staff dropped food on the floor?
Many times, security professionals working in the financial sector find themselves in the same situation. They can manage environments and keep them compliant with regulatory requirements, but they aren’t always capable of finding highly motivated bad guys. This inadequacy puts clients’ money at risk. If they use their own company’s services, then they’re eating their own “dirty food.”
If it were as easy as implementing the tools, people and processes to fix the gaps, I believe every organization would do it. Except, it’s not that easy.
To conduct business, financial organizations must adhere to strict regulations about how to handle personal information and transactions. For multi-national businesses, the number of regulations can increase exponentially. Keeping up with this increase can often be a full-time job for a typical security staff. It will rapidly consume budget and resources, and because it’s a tangible measure that is checked regularly, it’s always being monitored.
The organic growth of a business has also created barriers. Silos of teams, divided by job function or product offering, can exacerbate the situation. Every team has its own political and data boundaries. Creating a single, unified view of threats and how to defeat them across those lines can sometimes be very difficult.
What is needed is a method to organize information, teams and cybersecurity practices in a way that aligns them with critical business priorities while still creating a place that’s safe. That is the core of digital trust.
Digital trust is not a method, product or service. It’s a philosophy that acknowledges why financial sector businesses stay in business: their clients trust them.
That trust is challenged – constantly – and it’s up to cybersecurity professionals to maintain it. The best way to maintain it is with persistent visibility of a client’s movement: every login, balance check, policy update, transaction or claim. And these checks must happen regardless of which business units the movement touches.
It doesn’t stop there.
It must also include all the systems that support the client’s movement, and the people who have access to those systems.
In short, if you can maximize the protection of the client’s movement through the organization, you’re inherently better able to protect the organization.
To adopt a digital trust model, organizations should look at five key areas.
- How the leadership is measured and compensated
- Whether the organization might identify insider threats and conspiracies
- What protections are needed to monitor a client’s transactions and help avoid fraud
- When to integrate more advanced capabilities into the risk management and compliance model
- How to handle the public announcement of a breach by quickly finding the cause and spread
Each of these key areas has a critical role to play in the overall theme of digital trust. Omitting any of them might have a negative impact on the business. Digital trust is a complex journey. Many already have the people, but not the tools. Some have the tools. Very few have the comprehensive process to put it all together.
No matter how you interact with a client’s interests, the only way to stay in business is to maintain the client’s trust that you’re protecting those interests.