Banking on Trust: The Role of Security
By Tom Watson, VP-IT and Digital, Global CISO, Sealed Air Corporation
Consider the insurance industry, which currently relies on a reactive approach wherein clients buy insurance for tangible goods; however, we find ourselves in an ethereal position when it comes to IT security and the potential loss of data. This is demonstrable in the WannaCry ransomware attack in May 2017, where a company reported a potential loss of up to $300 million. The company then looks to an actuary, who is required to stipulate a specific amount of money that could vary depending on the type and amount of data that was compromised.
Personal Insights on IT Security and Governance Sector
48 of the 50 states in the U.S. have their own data privacy laws. It is essential to ensure that data security policies are developed and adhered to within a company. That said, it is crucial to ensure that these data privacy policies are aligned with global regulatory standards, essentially, satisfying compliance mandates. With the new General Data Protection Regulation (GDPR)—effective May 2018—many organizations are scrambling to meet compliance requirements.
Identifying the Right Partner
When we talk about security, there are several aspects that need to be taken into consideration; different organizations have varying levels of risk appetite. Consider the recent financial crisis: there were some banks that were very aggressive in nature and took on high risks with loans. Some were monetarily successful, while others didn’t factor in the risk element appropriately. This is applicable to the manufacturing sector as well. Smaller organizations do not necessarily possess the resources to routinely test and verify solutions, and hence take risks. Building strong relationships with partners that have worked to institutionalize their processes is vital. Small organizations can learn from larger organizations that have more funding and have effective SDLC (Software Development Life Cycle) type processes.
Security needs to be a primary focus. It cannot be a mere afterthought; rather, it must go hand-in-hand with development and planning efforts. We are fast approaching a tipping point in the IT security solutions space where a consolidation of solutions is required. This scenario was experienced shortly after the dot-com downturn in the early 2000s. Organizations need to consider what solutions they have in place and balance their effectiveness against the overall investment to prove true value.
Advice to Aspiring CISOs
Looking back at my career, which started more than 20 years ago, much of what we as an industry did was completely reactionary. We weren’t mindful of the downstream repercussions that aggressive responses to security incidents could cause. Security breaches were handled with a very narrow focus and without thoughtful regard to risk. Today, however, threat detection and incident response are performed more attentively, following a risk-based approach. Therefore, I recommend thinking long-term and avoiding knee-jerk reactions. Be thoughtful when planning responses and delivering appropriate communications. Also, it is important to be risk-averse, but sometimes there is a need to take a risk. In my career, I have had to take risks, and I have often learned new things that helped me stay ahead of the game. Lastly, it is extremely important to maintain a high level of integrity throughout one’s journey, both in one’s personal life and professional career.