Cyber Security Regulations Require Strict, Standardized Security Best Practices
By now, most organizations realize that they need to consistently fight cyber security threats to avoid falling victim to harmful attacks. However, according to a Mastercard study conducted with Innovation Leader in late 2018, 51% of organizations are only interacting with information security colleagues on an as needed basis. And, with the public increasingly concerned about data privacy, an evolving regulatory environment is now requiring companies to follow more stringent data security measures than ever before to ensure they are properly safeguarding their information.
It is not enough for organizations to say that they are vigilant about data privacy and cyber security; they need to prove adherence to the information security best practices defined by regulators. Yet, it remains difficult to know exactly which cyber risks are most urgent, and how to best mitigate them for each particular business.
Fortunately, organizations do not have to face this challenge on their own. Engaging with cyber security and data protection experts on a more regular basis—and early on in the process—can help organizations continue to excel while also following the most safe and secure path.
Ever-Important Consumer Trust
Cyber criminals have numerous ways to initiate an attack: malware, ransomware, distributed-denial-of-service (DDoS) attacks, and phishing schemes, to name a few. There are also many other digital tools that aim to penetrate companies' systems, steal proprietary and customer data, and wreak costly damage. These attacks are affecting institutions across industries and scales, from small businesses to financial services institutions and healthcare organizations. Within one industry alone—the Global Banking and Financial Services (FSI) sector—the numbers are astounding: 2018 saw significant year-on-year increases in the numbers of compromised credit cards (212%), credential leaks (129%), and malicious apps (102%).
New regulations are increasing the pressure on organizations to protect themselves. Regulations in the U.S. such as HIPAA, and the European Union's new General Data Protection Regulation (GDPR), are requiring companies to enact strong data privacy protections and demonstrate that they follow established cyber security practices. Brazil is following suit with their new General Data Protection Law (LGPD). New regulations impending, such as the onset of the California Consumer Privacy Act in 2020, will further regulate how companies handle, store, and use consumer data.
With more regulations on the horizon, and customer trust a commodity that companies are fighting to preserve, it is essential for organizations across industries to implement information security best practices. By standardizing data practices, leading companies can more effectively protect consumer data and in turn, improve their compliance to regulations.
Assessing Security Practices with a Critical Eye
Managing and protecting data can be difficult. For one, data is everywhere: in cloud systems and on-site architecture, where it is widely dispersed in heavily used programs and in forgotten silos. And, that's just the technology end of information management. Employees often have vastly different attitudes on how they should handle information.
Most risk assessments are qualitative, meaning that they generally assess risk across a number of cyber and technology domains and place them in High, Medium, or Low zones. Some may assign the domains to a heat map—Red, Amber, and Green. The resulting roadmaps are often multi-year programs requiring significant capital and human resources that benefit the assessor more so than the customer. In today’s environment, it is imperative that organizations, especially the business owners, assess risk to their business outside of what IT or their security teams are doing. Business leaders—small business, healthcare, financial executives, etc.—need to be the drivers of the actions the Chief Information Security Officer (CISO) takes to enable the business. The challenge is that business leaders often do not know how to assess risk, propose solutions, and manage day-to-day activities in partnership with their information security teams.
Overcoming Business-IT Barriers
Mastercard has developed expertise and established best practices in cyber security and data management over a number of years through its experience in securing information across its network, systems, and customer base. By defining risks in the context of true risk exposure, Mastercard is actively helping organizations close their security gap.
Take Mastercard’s organization for example. We are overcoming the communication hurdle by covering cyber security basics before embarking on any new initiative. We take a risk-based, data-centric approach to security, embedding it into our business and building on the concept of Security-by-Design. To facilitate this, we teach a culture of safety and security that we have built to facilitate business expansion and please our customers.
This risk-based approach identifies key improvement areas and allows us to model our risk profile and the corresponding tactical actions and investments required to mitigate risk. We are able to see direct correlations of investment and return and can consequently drive our IT and security teams to prioritize their programs to better support the business needs.
We have also taken our internal efforts and practices and packaged them as a consumable product for our customers in our cyber security offerings. We are consciously developing a scalable product that requires very light touch support and automates the collection of data, quantifies risk exposure, and helps organizations prioritize which new measures will best mitigate risk. Our business customers are now able to converse more effectively with their respective IT and cyber counterparts. This results in a more responsive and more resilient cyber program, and a culture of security within the organization.
Cyber security and data privacy regulations will continue to be critical areas that organizations have to master if they want to remain competitive and keep their customers' trust. By working with experienced cyber security partners to assess and mitigate risk on an ongoing basis, organizations are able to focus on the business and not worry about failing their most important test—protecting their information. To take a step forward in your cyber security, connect with us to learn more about Mastercard’s Cyber Security and Data Privacy solutions.
Ask Chris Reid
Questions about Mastercard’s Cyber Solutions? Reach out to us to learn more about how you can take a step forward in cyber security today.