How much is your data worth? Putting a price on cyber security
According to a report from Symantec, 500 million identities were stolen or exposed online in 2015. And, with the recent acceptance of the new EU General Data Protection Regulation (GDPR), all organisations have a responsibility to protect their IT infrastructure to ensure their data is secure. Alongside the hefty fines that can now be imposed for improper handling of customer data, the loss of said data can easily ruin a company’s reputation.
However, not all data is created equal, and a fundamental part of effective security and crisis management is understanding the relative risk associated with the loss or theft of different types of data. Within each organisation there’s typically a ‘hierarchy’ of data, which means that, should a breach occur, a proportionate response can be triggered. Calculating the relative ‘value’ of different data is key to implementing the right response. This can save valuable time in the aftermath of a breach and ensure priorities are set according to your sensitive data profile.
Aligning data value with the correct response
A recent report highlighted the low cost of the cybercrime services available, but it’s the relative worth of sensitive data that needs to be understood. Without this, it’s almost impossible to perform a risk assessment. There is no ‘one size fits all’ approach to security protection or incident response. The response to the loss of multiple customer records would be very different to the response following the loss of intellectual property such as the blueprint for a new product.
Here we outline the key steps that can be followed to ensure you assess the value of your data and can implement processes to protect it adequately.
- Take stock of all data. A thorough audit of your IT estate will ensure you have the full picture regarding sensitive data locations.
- Classify and identify high risk, high worth data. Assessing the value of data is a process that varies depending on the organisation’s size and sector. It considers factors such as: the regulatory impact of the loss of data; the cost of downtime, or of replacing or recovering this data; the financial impact in terms of the organisation’s reputation; and, for public companies, how the loss would impact the organisation’s share price, credit rating, and regulatory burden.
- Map and track data within the organisation: you need to understand not only where it’s stored, but also how it moves across the network. What safeguards are in place to restrict this movement within and beyond an organisation?
- Share the hierarchy with relevant teams. This is a cross-departmental exercise with the ultimate aim of ensuring that the IT/security teams know where the most valuable data is, and can implement the appropriate security controls.
- Tailor the Crisis Management Plans. Once you know what the significant risks are, crisis management plans can be tailored and customised so appropriate measures are in place to cover different scenarios. Protecting sensitive data involves a chain of decisions impacting different departments across an organisation from IT to legal, PR and HR. With a well-documented and tailored plan, individuals across the organisation will know the correct processes and their responsibilities, according to different incident types.
- Educate staff. Everyone in the organisation has a responsibility to protect the data they handle. Understanding its value and educating staff on the commercial worth of records they’re working with can help to reinforce that it’s an asset that needs to be protected, just like physical property.
Understanding the worth of your assets is an important step on the road to effective security protection and response strategies. It not only means that you can implement the right safeguards around your data, but also that the response fits the magnitude of the breach.
Nick Pollard is UK General Manager, Guidance Software
Mambu and the UAE’s digital banking journey
Miljan Stamenkovic enjoys the dynamic and constantly evolving world of fintech banking. In his current role as General Manager for MENA for Mambu, Stamenkovic sees opportunity in abundance.
“When I joined Mambu with my team in 2019, we came with the fintech, entrepreneurial mindset and DNA to build and grow Mambu’s business in the MENA (Middle East and North Africa) region. Before 2019, the region used to remind me of a desert, at least in terms of cloud service providers and cloud adoption. But this past year has been a wave of progress.” In November 2020, Mambu opened a new office in Abu Dhabi Global Market, as the region has quickly become a key market for Mambu.
He explains, “There are data protection laws. There are cybersecurity regulations and most importantly, a variety of major tier one cloud service providers that are available. But what particularly excites me here at Mambu is the opportunity to rethink business models together with our clients and really bring them to life. This is where I saw a great fit with Mambu and its composable philosophy.”
Creating a neobank and challenger bank ecosystem has been his ultimate goal. “In my opinion, this actually creates a unique opportunity to partner with some of the best fintechs in the region and build the region’s first and true challenger and neobanks.”
Stamenkovic credits Mambu’s partnership with Banque Saudi Fransi (BSF) for the success that has driven the bank forward in the region. “When I think about all the challenger and neobanks that have grown massively over the past decade, there is one common denominator for all these new initiatives. I would say they really operate like a tech company rather than a bank. BSF is leading this approach in Saudi Arabia.”
He continues, “This brings a competitive advantage for tech companies. These platforms are each managed individually but can be swapped in and out. And when put together, they actually form the backbone of a company's technology capability. This is why tech companies and banks like BSF actually can get products to the market a hundred times faster than their more incumbent peers.”
The implementation, he stresses, is an evolving process, where each component is trialled and checked and swapped in and out according to its effectiveness. But it’s down to the dynamism of the team on the project to initiate these changes. “As critical as technology is to digital transformation, the DNA of people working on these initiatives is the key to success. At BSF they have a true startup and entrepreneurial mentality.”
He explains that Mambu is helping BSF deliver an entirely new banking experience while providing soft core banking services hosted, in this case, in Saudi Arabia. “Mambu sits at the heart of BSF's new challenger bank and its technology stack. So, this actually enables BSF to take an entirely cloud native approach, having Mambu at the centre of its ‘Digital Engine’.”
Stamenkovic points out, “Mambu enables banking like a modern tech company. Banks used to be built to last, but today they need to be built to change. And that's what we're enabling here.”