Security must be everyone's problem to be effective. Financial institutions, especially, must exist within a culture of security — where everyone throughout the organisation understands exactly how and why they must protect networks and digital assets. Unless this culture exists, systems and data will remain vulnerable to attack.
Data security continues to be of the utmost importance to organisations as the landscape constantly shifts. Cyber-criminal gangs are increasingly technologically advanced. There is a rise in nation state sponsored attacks, hacker groups and hacktivists. The Internet of Things (IoT) introduces a new attack vector for nefarious actors to exploit.
When security is approached from individual silos, though, they can become miniature ecosystems, which is not conducive to a unified culture built on security. Silos also stunt a financial institution's ability to learn from teams across the organisation. Human error and social engineering continue to be among the greatest causes of information security failures. Breaking down silos and building a holistic approach to security will increase awareness of threats and build the unified, effective responses and controls necessary to mitigate them.
How security silos are created
Silos can exist in most organisations. OpEx and CapEx pressures make it difficult for financial institutions to grow organically, so many will turn to mergers and acquisitions (M&A) as a strategic lever for growth. And, we’re seeing rising global mergers and acquisitions — up 39% from the first nine months of 2017. But, with this, we naturally introduce the risk of increasing security silos as financial institutions work to integrate systems and processes native to each of the organisations now being merged.
An effective security strategy depends upon many different processes and technology layers. If financial institutions have siloed products run by isolated groups, without a unifying platform, the lack of integration can cause inefficiencies and additional administrative overhead. The silos can mean that security practitioners need to log in to multiple systems to collect and analyse data and create reports.
What does a holistic security strategy look like?
A holistic organisation-wide security strategy will be embedded into the culture of the financial institution. Rather than simply being implemented, it should be built into the DNA of the financial institution. The strategy will be risk-based and look at all the access points: hardware, software, people, requirements, and activities. It is a dynamic, constantly evolving combination of prevention, detection, analysis, and response efforts, which enables financial institutions to proactively combat constantly evolving advanced threats and potential losses.
With a holistic approach, financial institutions can collaboratively collect and analyse intelligence from across the organisation. This model improves intelligence sharing across the industry and allows financial institutions to participate in exercises or drills that allow testing and improvement to security playbooks.
A holistic strategy also ensures that financial institutions are better prepared for auditing and compliance requirements. It increases operational efficiency, protects the brand and reputation, keeps repair costs down, and protects against sanctions or fines. From a customer perspective, there is greater protection against identity theft and fraud, and fewer security incidents increase uptime, allowing customers seamless access to their financial lives.
The benefits of removing the silos
There is a whole host of benefits that come when a financial institution achieves a holistic security strategy free of limiting silos. Of course, the biggest and most important benefit for organisations is financial: mitigating massive potential losses. According to the Ponemon Institute, the global average cost of a data breach is $3.6 million, or $141 per data record.
Removing the silos will also improve organisational visibility, reduce manual effort and free up the security practitioners to focus on protection and mitigation — rather than compiling data from multiple sources and creating roll-up reports.
Appian provides a software development platform that combines intelligent automation and enterprise low-code development to rapidly deliver powerful business applications. Many of the world’s largest financial services institutions use Appian applications to improve customer experience, achieve operational excellence, and simplify global risk and compliance. For more information, visit www.appian.com/finserv.