[BreachExchange] How CIOs can prepare for a new world of open data

Destry Winant destry at riskbasedsecurity.com
Mon Jan 21 06:59:39 EST 2019


https://www.cio.com.au/article/656443/how-cios-can-prepare-new-world-open-data/

Treasury’s recent decision to push the open banking ‘switch on’
deadline by over six months is due to concerns around security. Albeit
slowly, we are moving inevitably closer to a “brave new world of open
data” (a term coined at 2018’s ARCA National Conference), so we cannot
view privacy and security as an add-on, or something we ‘have to do’.

The data landscape is evolving with increasing complexity as consumers
will soon enough take information ownership back into their own hands,
and the sector is only as strong as its weakest link. We need to worry
not only about securing our own backyards, but also those of the
parties we’ll be sharing data with, and work together on industry-wide
security solutions in order to properly address security concerns and
ensure the open data revolution is pitfall-free.

With this in mind, here are some areas that CIOs and the wider
financial industry should consider ahead of the implementation of open
banking in early 2020.

The first step is to keep the house secure

Amidst regulatory changes, economic pressures and changing consumer
preferences, we as businesses have better insights to work with, more
commercial opportunities and increased customer engagement. But we are
also challenged with continuously maintaining a competitive edge,
bringing relevant products to market and finding solutions.

It’s clear that innovation is vital – but without a robust security
program in place, commercial risk is high, consumer confidence is low,
consumer advocacy is absent and open data participation diminishes.
Robust protocols, consumer ID validation, appropriate oversight,
governance, reporting and monitoring give businesses the confidence
and agility needed to drive innovation.

Think about it as a well-built house: The walls, windows and gates are
like malware protection – structures that make the environment as hard
as possible for the bad guys to break into. An alarm system acts as a
backup to alert you if the bad guys manage to get in – for example, if
traffic to your application hits levels that trigger alarms. And
encryption is like the home’s safe – if the intruders do manage to get
the data, they can’t do anything with it, and digital loss prevention
picks up on people sending documents they shouldn’t or personal
information leaving that shouldn’t.

If the house is secure, life can progress as normal, without constant
fear and interruption from external threats.

Equipping your A Team

Among my peers, I am noticing that when organisations approach their
boards and risk committees these days, the conversations are
increasingly focused on data assets and data breaches. Risk is no
longer the responsibility of Risk Officers alone – we are all
accountable.

We need to be bringing people in and upskilling people across the
business to understand cyber security and more complex data risks in
the face of such influential change. Businesses can complement
existing traditional risk functions by acquiring talent and knowledge
around data security and hiring the skills to implement and manage the
robust security programs we so actively endorse.

After all, without attracting the right people on the ground to carry
it out, the advanced software and new systems in place won’t reach
their full potential.

Consumer trust as part of the Open Banking puzzle

As with any major industry change, we’re on a steep adoption curve
with open data that starts at hype and ends at broad-based adoption.
But that trajectory will stagnate if we don’t ensure that consumers
are on board with understanding the new landscape, and following the
related security protocol.

We want consumers to be able to control their finances with smarter
management tools in a secure way. We want mortgage providers to better
understand a consumer’s affordability for an application, or a
property company to qualify an individual’s income and rental history
to better assess their eligibility to rent a property in a secure
manner.

But we can’t get what we want without everyone being on the same page.
Losing customer trust equates to halting innovation – it won’t matter
how robust and appropriate the security framework is if no one knows
or wants to use it.

As the UK’s Tony Blair once said, it’s all about ‘education,
education, education’.

Providing Australians with the full picture

While there is some conceptual understanding amongst consumers, there
is a real sense of consumer fear around ownership and security
regarding open data.

Research we undertook last year across APAC revealed two thirds of
consumers are comfortable with sharing basic personal data; however,
for highly guarded data and demographic information, their willingness
radically decreases.

Interestingly, people are most comfortable sharing basic personal data
with retailers. On the other hand, consumer trust in banks is
underwhelming, even though there are fewer recorded breaches within
banks than retailers. Retailers have been victim to some of the
biggest breaches, such as Target’s breach which affected 41 million
customer payment-card accounts and revealed contact information of
more than 60 million customers.

But a large proportion of consumers are not clued up on data sharing.
In fact, a fifth of consumers in the UK are oblivious to the way in
which companies wish to use their data, often accepting it without
really understanding the reason, the next step or the benefits.

If our local understanding of data use is not nurtured, people may
feel cheated if their perception of the value-exchange is not
positive, or will not be willing to participate in open data
initiatives, significantly reducing the potential success of systems
such as Open Banking.

With the timeline on open banking extended, industry has the
opportunity to get open banking right and truly harness the power
of a data environment. Investing in robust security systems will
ultimately lead to strong consumer trust and consequently a successful
open data ecosystem.

