Cybersecurity and Compliance


Greg Sawyers – Product Compliance Officer

All of us continually focus on traditional compliance topics, yet know we should expect some changes each year. Outside of the traditional topics, an area that continues to receive more and more visibility is cybersecurity. Years ago, cybersecurity was a topic where we would say, “that’s IT.” Recently, however, that statement has not applied, and the collaboration between compliance and IT will continue to increase as traditional lines are blurred due to the ever-evolving environment we are in now.

Cyber attacks will remain a newsworthy topic as criminals continue their assaults in an attempt to stay ahead of data security efforts. We could spend days looking into a “crystal ball” discussing what we might see in 2019 since this topic is so massive. Some key areas I see as impactful for a compliance professional are: Internet of Things (IoT), Internet-Connected Devices, Artificial Intelligence (AI), as well as Stricter Cyber Laws and Regulations.

The use of IoT increases exponentially each day. The general consensus is that the interconnected networks, which allow multiple devices to talk to each other, have vastly transformed how we live our lives. Some of us may have started down this path with a Nest Thermostat or Nest Protect and then added an Amazon Echo Dot or Google Home. No matter the devices you use in your home, IoT, and the increased offerings by financial institutions that allow those connections, only increase cybersecurity risk. With the additional offerings of financial institutions, the topic of risk, and its mitigation, is top of mind for all IT examiners and auditors. Looking beyond the IT security stack, most of us reading this won’t get involved; however, we must consider the privacy impacts and what information could be provided if someone asks Alexa for details pertaining to his or her checking account, loan, etc.

Financial institutions, and their IT departments, have established strong processes to secure the infrastructure housing their customer data. They will continue to enhance security measures, trying to mitigate potential hacks and pivoting from event to event. In most cases, the greatest weakness in the loop is internet-connected devices, like your smartphone. Consumer devices aren’t always updated in a timely manner and lack the same level of safeguards, leaving them vulnerable to exploitation. Financial institutions must continue to educate account holders regarding their personal risk as well as different ways to protect their devices and information.

We have all heard about AI and the possibility of limitless data analytics. From a BSA perspective, AI allows us to monitor a large number of transactions in a more timely and effective manner without hiring additional full-time employees. In the cybersecurity arena, AI is definitely gaining traction among financial institutions and becoming an emerging opportunity. Increasingly, AI is being used to enhance insights into recognizing hacks and allowing them to quickly change course, moving from one area to another. The double-edged sword is that hackers will also take advantage of AI.

The final area I see developing in 2019 centers on cybersecurity laws and regulations. With the latest high-profile hack of Marriott’s Starwood division, which impacted 500 million people, coupled with recent changes to existing cybersecurity laws and regulations, I anticipate that we may see those laws further strengthened in an effort to thwart hackers. Their ability to constantly evolve means we, too, must maintain vigilance, never becoming complacent with the security we have implemented to protect member data.

Cybercrime is here to stay, and we all know hackers are rapidly changing their methods. Financial institutions must remain watchful, willing to rapidly change course and improve security measures in an effort to protect consumer data, community trust, and corporate brand. Hackers will continue to target financial institution staff and account holders, trying to find any and all vulnerabilities. Constant education is key to assist with your overall cybersecurity program.
