Security

Three success factors in security operations

Share this post:

There are five trends that all industries are facing, but I’d argue no industry is feeling them more acutely than financial services:

  1. Shareholders increasingly demand higher margins, as customers increasingly expect more personal and convenient experiences.
  2. Digitization of Society is accelerating, with specific stress to financial services where new capabilities with new competitors will force banks out of their branches.
  3. The world’s data is doubling every 12 months. And financial transactions are among a fast-growing subsection of data types.
  4. Digital Trust is paramount for the modern business. The expansion of channels expands the threat of money laundering, fraud, and hacks — as well as regulatory requirements for necessary protections
  5. Artificial Intelligence is now being used by cyber criminals, meaning the sophistication of their methods is increasing, forcing banks to up their game.

The successful bank that emerges from those trends has a business model run on digital intelligence. It’s a model where we gather data, convert it into knowledge, create real-time insights from that knowledge and turn those insights into better decisions, actions and, ultimately, outcomes.  The model delivers better customer experiences, creates operational efficiencies, and can lead to new revenue sources. This digitally reinvented financial institution, runs on data, which is valuable and in-demand, but constantly under threat.

Financial institutions are leading the charge in building security immune systems, knowing they are most threatened. They are looking for end-to-end security operations that are flexible and scalable, data-driven and applied with automated, operational accuracy. Above all, it should build trust and deliver on the promise of security and privacy—without getting in the way of customer experience.

That type of trust-building security system requires a Six Sigma-like operational rigor, but as breach after breach teach, we must employ new tools that ensure we eliminate any variance in cyber security. In my mind, success follows with three operational goals:

1. Efficiency
Attacks will come quickly and constantly. A security system must be able to flag and defend against threats, without causing bottlenecks or burdening budgets and staff.

Automation is the only way to make operations efficient. It can flag problems and route issues to security analysts. Robotic process automation acts on set rules to sift through millions of records to catch problematic transactions. But as attacks are increasingly sophisticated, Cognitive process automation, powered by artificial intelligence (AI) is the only way to get to true efficiency. As the system flags issues to security analysts, it then assist analysts in making correct, comprehensive decisions. With the deluge of data analysts deal with, cognitive automation can adapt to new variables and react to unique situations in order to reduce false flags and detect new types of attacks. Traditional process automation often stops short, using only narrow AI capabilities that focus on the structured security data alone, which brings us to efficacy in security operations.

2. Efficacy
Visibility across your entire organization is essential to detect any threats and to take required protective actions. Cyber security information is high-frequency, high-volume data which is accelerating as we digitally transform all aspects of society. Much of that data exists in a vast ocean of unstructured data that has no value unless we can process and derive insight from it.

Enter Artificial Intelligence (AI). Unlike current AI-powered security systems, we must evolve to a new framework that can make sense of unstructured data, identify security threats within it, and take action to protect the business.

The only security systems that are truly effective are those that combine the narrow AI of typical security systems and broad AI, capable of interpreting unstructured data. This makes it possible for security systems to scour the internet, ingest and analyze unstructured cyber security information, act on a single threatening data instance, the very first time it is encountered – the proverbial needle in the haystack –, and remember it always. This is vitally important as we look to protect the business from the most sophisticated and never-before-seen threats.

3. Repeatability
For material improvement to security operations, the system must combine both automation and broad and narrow AI. A successful system is one that can both flag the most critical threats, route them appropriately, and then learn from analyst decisions, applying that logic to improve threat identification and rules enforcement to continue improving over time.

In the context of those five market trends—where your bank runs on a digital, efficient, flexible and customer-centric model—, efficiency, efficacy and repeatability can only be achieved using automation, powered by cognitive technologies. It not only reduces the cost of operation but it reduces the burden, friction, and stress to customers.

IBM’s suite of cyber security tools bring together efficiency, efficacy, and repeatability through AI and automation, to enhance security operations, while building digital trust through consistent customer experience. See what our suite of security tools can do for you.

Vice President, US Financial Services Cyber Security

More Security stories

Changing the way money moves across Asia Pacific: Sibos 2018

We very much look forward to hosting the premier global financial services industry conference in Sydney, Australia from October 22-25. Given IBM’s experiences helping clients accelerate their digital transformation journey with Cloud and AI, we’re particularly excited that “Enabling the digital economy” is the Sibos 2018 conference theme. We see a market with many opportunities […]

Continue reading

Have banks reached an AML compliance inflection point?

IBM RegTech Innovations. Nearly two years ago Lloyd Blankfein, CEO of Goldman Sachs, predicted that the demand for compliance analysts to meet the institution’s regulatory obligations would soon be leveling off: This has a Y2K feel about it – that is, we have to hire additional people because we have to get ourselves up to […]

Continue reading

Continuing the path to real-time payments innovation

Since the 1960’s, IBM has worked with banks to help simplify their payment operations by upgrading payment processes, integrating existing silos and renovating legacy systems. In today’s drastically changing payment landscape, banks now wrestle with implementing new real-time payment schemes while satisfying new regulatory mandates and the demands of industry bodies, customer and merchants. These […]

Continue reading