The crooks will win unless cybersecurity is fought on multiple fronts
Protecting assets against cybersecurity is a daunting task, much akin to putting a finger in the hole of a dike. While the Equifax breach and subsequent fines highlight the importance of putting common sense over dollars, no one should be fooled by the sheer effort required to protect data, customers and address privacy concerns.
Financial service companies and providers now require a chief security officer that has a keen understanding of all the pieces and parts of the business as well as what is required to stay ahead of the bad actors. Firms need to move toward a more comprehensive security strategy that blankets the whole organization and is dedicated to protecting all stakeholders and customers. That's because security is more than a single battle, it's a war on multiple fronts.
Companies and financial service providers are fighting the cyber war on two separate fronts, both of which have many facets. The primary categories that need protection are first the securing and fencing in of the back office and second the ongoing monitoring and guarding of many different types of transaction-oriented events. Both require significant costs, effort, and know-how in an ever-changing, fast-paced technological landscape where there is no playbook. The environment is overwhelming, puts security vulnerabilities front and center, and exposes companies to lost customers and injured reputations.
Security budgets are ballooning unabated and are increasingly part of the hard costs in operating a business. Budgets are spread thin and sometimes only address fencing in the back office which is seemingly easier to protect. Back-office portals, systems, and employee access are more easily identifiable than addressing all the different components required for securing the transactional side of the business.
Among some of the largest types of transactional security requirements are guarding against ID fraud, synthetic IDs, and payment fraud. These fraud events occur across myriad products inclusive of consumer and commercial relationships. Anti-fraud security measures need to be in place for deposit products, loans, lines of credit, payment accounts/cards and payment transactions. Compounding the issue is that many of the fraud management decisions are being made within the operating area, risk group or leadership group of an individual line of business or profit center. That means those security efforts can be subjected to business case evaluations and ROIs that could put the effort to the back of the line against the demands associated with driving revenue into the organization. Further, not all organizations recognize all the costs associated with fraud and how it may or may not impact the customer relationship.
Financial services providers of all kinds, shapes, and sizes are developing and deploying new technologies to combat the security battle. Many new fintech companies are emerging that address a particular niche such as AML and KYC requirements or work to secure payment transactions. Yet service adoption lags well behind need given the vetting, resource and prioritization processes and requirements by large institutions and organizations.
That is why the time is ripe to move the decision making up the ladder and for organizations to bite the bullet by creating a more inclusive comprehensive strategy for the overall business that considers all the disparate security needs. To do that companies will require Chief Security Officers who understand the inner workings of the core businesses. The CSOs will need to design more comprehensive strategies that consider all the stakeholder and customer implications for a line of business. The sooner companies recognize that CSO role requirements are evolving and becoming more fundamental to day-to-day business needs, the sooner we will be able to more effectively hold the front on the cyber assaults.