Scrutinizing People, Process & Technology is the Key to a Secure Financial Empire
Date: Friday , June 05, 2015
Websense, Inc. is a global leader that provides advanced security solutions to shield organizations from cyber attacks, malwares and data theft, by protecting sensitive data, increasing productivity and embracing compliance standards. Born in 1994, the Austin-based company is highly acknowledged for its scalable, unified appliance and cloud-based TRITON APX solutions.
- How do you see the BFSI landscape in India?
The model of banking has transformed significantly in India. Every consumer wishes to bank from anywhere, anytime and from any device, today. Banks are successfully realizing the rising expectations and technology has made this paradigm shift absolutely possible. The technological revolutions have also enabled financial organizations to beget innovative business models which have significantly improved operational efficiencies, reduced costs and augmented their productivity. However, such new models have also become a breeding ground for a gamete of risks. One instance can be in an electronic card payment system, data can now be directly accessed and processed by customers and service providers as well as other outsourced partners. This means that the data which was protected within a fixed information ecosystem is not there anymore. Thus, it becomes very important for banks to evaluate and re-visit their security postures constantly.
- What is your thought on a safe and secure financial industry?
Technology has indeed revolutionized the phase how the businesses run. However, with banks and other financial institutions continuously adapting to the up-to-second technological fluxes, they have failed to fathom the fact that the process also presents compounded risks for them. The threat landscape has raised its ugly head and attacks are now becoming more targeted and more organized. Hackers are joining forces to effectively lodge attacks to ensure that are able to steal the information they desire. They, in fact, have moved a mile further and they hack into a banks\' system where they try to gain the trust of the high-heeled users, and once they get the necessary credentials from them, their purpose is served. Thus, it is becoming important for those organizations to raise the security intelligence of the end-users and security administrative.
To mitigate the risks, banks have to make sure that their security postures have the data awareness framework embedded on to it. While these approaches endeavor to shield the banks from the external hackers, constantly and periodically evaluating the risks enriches the entities with the affinity to keep the internal hackers away – which is in fact a difficult, yet business-critical chore. In addition, organizations also have to possess risk management strategies before they reap in the benefits of the technical avenues into their organization, rather than evaluating the security risks after embracing the technologies.
- How are government and other banking industry regulators steering banks to combat security threats?
Donning the cap of an imperative role in eliminating security risks in the financial space, Government and other banking industry regulators in India have introduced multiple mandatory governance and protocols. While IT Amendment Act is one of them, there are also many other regulations such as guidelines for Information System Security, RBI guidelines on mobile banking, prepaid value cards and guidelines for internet banking, which have been enforced. Banks are even becoming compliant to the international standards to protect the consumers\' data.
- What according to you are the security frameworks that organizations need to invest on?
The rapidly maturing threat landscape witnessed a great expansion into the network infrastructure in 2014. Born to the network infrastructure, multiple legacy systems started to rule the sector, but were soon succumbed to vulnerabilities. Thus, organizations have to be extra-vigilant and have to migrate their security stature to data-centric security framework.
The following ways can make the financial systems more intact:
- Effective awareness campaigns – Organizations have to move out from passive awareness campaigns to active, and make sure that security gets imbibed into people\'s culture. Employees should wear a security hat, atleast for few hours every day.
- They should invest on right security technology. It is also claimed that each security technology is growing up three folds of what they used to 2-3 years earlier. So, it would be extremely tough for security administrators to analyze these losses, identify the high-priority loss and remediating them. Thus, the right security technologies provide enough contextual intelligence so that the security administrator can evaluate incidents to solve them.
- Organizations have to prioritize the high-risk electronic information they have and execute scrupulous and rigorous data analysis to find out where these high-risk assets are stored and who would be the actual authorized recipients who are to receive the information
- Controls should be exercised on people, process and technology to ensure that the information is protected, securely transacted and transmitted to the authorized recipients
I am buoyant that these aforementioned approaches can enable a safe digitization, thus a sound financial sector. (As told to Kavitha G)