Use Case: Financial Services Industry

AT A GLANCE

1. Managing an Attack Surface
2. Version Control
3. Poor Access Management
4. ROT Management
5. EUC Management
6. Regular automated audits
7. Implement strong governance policies, processes and technologies

‍

Data Challenges for Financial Services Organisations

The explosion of data presents huge risks; there are frequent breaches and large fines. Data is increasing exponentially year on year and breaches in the financial sector are unfortunately becoming more frequent. Not only are customers and finances at risk, reputations are compromised and increasingly large fines are being issued^*1.

‍

In March 2023, Latitude Financial, a Melbourne-based company offering personal loans and credit cards in Australia and New Zealand, suffered the largest confirmed data breach, compromising over 14 million records. The breach included the theft of nearly 8 million driver's licences, 53,000 passport numbers, and multiple monthly financial statements. An additional 6 million records dating back to at least 2005 were also compromised. Latitude Financial initially reported that only 300,000 people were affected, indicating a lack of understanding of the attack, which erodes trust in the company's response. While data breaches can happen anywhere, a poorly managed response reflects inadequate preparedness and hinders remediation efforts^*2.

‍

Financial Unstructured Data

The financial services Industry has a much higher risk profile when it comes to unstructured data. Due to the nature of the business and sensitivities around the data, FSS is a prime target for cyber criminals. The data could contain any of the following information:

‍

• Budgets
• Public Filings
• Price Lists
• Salaries
• Bank Accounts
• Contracts
• PII

‍

Not only that, organisations are under intense scrutiny from regulatory mandates and need to maintain compliance at all times.

Redundant, Obsolete or Trivial (ROT) Data - this can contain important and sensitive information and needs to be managed and removed carefully

In terms of end-user computing (EUC), spreadsheets pose a significant risk as they are difficult to govern. Despite the potential for extensive financial and reputational losses that end user computing risk presents, it's often not taken into account until it's too late.

General Data Protection Regulation (GDPR) - GDPR is a broad-based privacy regulation that is intended to create a consistent framework for handling personal information throughout the European Union and reaches across international borders to regulate the usage of that information worldwide.

‍

The Need for Government Policy Compliance

Financial organisations are working under more complex regulations and facing greater external threats that are ever more difficult to adapt to. At the same time, they are still having to adapt business models to manage technological disruption in the market whilst also building customer trust and engaging with the wider community.

It is extremely important that banks maintain a centralised repository of all the EUCs, along with their

respective elements like risk assessment, classification, and proof of control implementation^*3. This a key control factor when implementation Basel 4, effective from January 2023, by the deadline of 1 January 2027^*4. The first step in implementing strong governance policies, processes and technologies is defining the data policy, data owners and controls.

‍

SOLUTION

Getvisibility’s solution Data Guard is for organisations that have an urgency to meet a compliance deadline. Getvisibility Data Guard is a Data Risk Assessment and Protection product that, unlike other DLP solutions, Defines and Creates Data Policy with Data Risk Analysis via Dashboards so customers can save 100 weeks of work in defining and implementing a compliant data policy. Getvilibilty Data Guard is a three step online platform that can provide risk analysis to all stakeholders with an automated data policy within a week.

‍

When Data Guard is combined with Synergy it allows EUC to be monitored in real-time as documents and data are created and edited. This enables organisations to fully improve data efficiency, comply with regulations, and maintain stability of business operations through risk management. Getvisibility gives users the ability to:

‍

• Automate Discovery - of all sensitive documents across our file share.
• Risk assess spreadsheets and files - Automatically highlight risks associated with the discovered documents and align it to the business GRC mandates.
• Manage ROT data - Understand the degree of ROT within the environment
• Assess your initial inventory - for business as usual review to enable data management.

‍

Getvisibility is empowering data security through cutting-edge technology designed to process and classify unstructured information with an unprecedented level of confidence. Our Getvisibility platform allows organisations to consume out-of-the-box AI to define their protect surface and secure their current data risk posture, allowing for proactive data management and security. Getvisibility has been recognised by industry analysts (Gartner & Forrester) as providing the next generation of capabilities for data risk assessment and protection.

‍

The Getvisibility Platform is positioned at the intersection of of Data Security, Data Governance, and Data Risk Mitigation Enablement. To learn more about our capabilities and explore how they can revolutionise your organisation's DSPM, contact us for a one to one conversation.

‍

1. https://www.forbes.com/advisor/personal-finance/protect-yourself-from-cyberattack-on-your-bank/
2. https://www.latitudefinancial.com.au/latitude-cyber-incident/
3. ‍https://assets.ey.com/content/dam/ey-sites/ey-com/en_in/topics/financial-accounting-advisory-services/2023/ey-adjustment-in-regulatory-reporting.pdf
4. https://kpmg.com/xx/en/home/insights/2021/10/basel-4-this-time-its-final.html