Security will be more pervasive, adaptive and integral
“The knock on effect of a data breach can be devastating. When customers start taking their business elsewhere, that can be a real body blow.” – Christopher Graham, Information Commissioner, United Kingdom, Advertising Association’s Leadership Summit, 2016
In 2015, 480 million customer records were breached by hackers, and the tally has already crossed 1.6 billion this year. Security attacks are becoming more spectacular in the digital age – think ransomware or the physical danger arising from the Internet of Things. And it is not just individual consumers who are at risk, because there is a rising threat to organizational security and reputation as well. Hence in 2017, enterprises should be looking to take a more pervasive, adaptive and integral view of security.
Banks need to go beyond merely securing the perimeter of their systems to securing every layer of operations and technology design. With developments, such as IoT and Open APIs taking banking increasingly digital and exposing even more data to risk, banks will have to defend themselves against the attendant security threats. This builds a clear case for more pervasive security.
But given the amount of data being generated and transferred over networks, it will be impossible for cybersecurity experts to monitor everything on their own. Ironically, the solution lies in digital technology, namely in self-learning machines with a far higher capacity to process data than human beings. These machines will use algorithms to monitor every instance of usage of data or applications and in the event of suspicious activity, will use intelligence to heighten the level of security in real-time. Adaptive is the future of security. 2017 could also herald a change in the security mindset with the entire organization, and not just IT, taking responsibility for it. Security will no longer be viewed as a compliance compulsion. Security emerging as a business priority is both inevitable and necessary given the pace of digitization and growing engagement between man and machine.
We believe that in 2017 those responsible for adopting and enhancing new technologies, designing new products and services, or managing digital channels should be thinking about embedding security within these elements. The idea should be to enable applications to secure themselves, rather than only relying on an external application for protection. The other goal should be to progress from prevention of incidents to prediction of security risk by monitoring system usage and feeding that data back to the people and machines in charge of security for early action. Progressive banks are also adding an extra layer of security with biometric authentication, voice, and facial recognition too, which are pretty hard to duplicate.
But even as banks ride these trends to secure their organizations against the growing threat, they must protect their ability to innovate and serve customers. The security team must therefore view itself as a facilitator of innovation, rather than a gatekeeper. Finding the right balance between protection and innovation might well be their biggest challenge in the new year.