Menu
Menu
How to proactively protect your customers from fraud, cybercrime and abuse

How to proactively protect your customers from fraud, cybercrime and abuse

Now is the time to work with your CISO to reframe cybersecurity and privacy as more than cost reduction, and to position the firm as a privacy champion

Whether it’s a breach of privacy rights or data security, you can’t transfer legal or reputational liability to a third party

Today, savvy customers worry about their privacy and a business’ ability to protect them from cybercriminals, fraudsters and surveillance.

To position data security and privacy as your competitive differentiator, CIOs must proactively protect customers, employees, and IP from complex privacy abuses and more sophisticated cyberattacks.

Now is the time to work with your Chief Information Security Officer (CISO) to reframe cybersecurity and privacy as more than cost reduction, and to position the firm as a privacy champion.

Companies in the intermediate phase of this journey should automate privacy workflows to embed privacy in the development of new products and services; deploy technical capabilities to ensure privacy and security policies travel with data that you share with third parties; and automate exfiltration controls.

The technologies required span four areas: data governance,  data security, cloud governance, and technology innovation.

Data governance: Continuously map and understand risks to sensitive data

Whether it’s a breach of privacy rights or data security, you can’t transfer legal or reputational liability to a third party. You must maintain control and knowledge of the data that you share, use technology to reinforce process, and never assume trust. To do this, companies should:

  • Streamline and automate privacy management workflows

  • Continuously maintain data inventory and visualization of data flow mapping

  • Continuously map user access and behaviour and automate customer data controls

  • Aggressively archive and defensibly delete data

  • Detect and respond to breaches within 72 hours with automation and orchestration.

Data security: Quickly detect and stop breaches of sensitive data

In the intermediate stage, tech leaders move to a data- and identity-centric approach and layer on more-sophisticated capabilities that will both accelerate and automate breach detection and response. With these more-advanced Zero Trust capabilities, security teams can stop more-advanced intrusions and attempts at data exfiltration, and when they can’t, the speed of detection and response and the segmented nature of the network limit the damage. To do this, companies should:

  • Create more-granular microperimeters of control around sensitive data and apps

  • Implement two-factor authentication (2FA) and privilege identity management (PIM)

  • Deploy security analytics solutions to monitor network and user behaviour

  • Develop capabilities to identify, prioritize, and remediate all critical vulnerabilities

  • Automate repetitive low-risk tasks in the security operations centre.

Cloud governance: Develop a comprehensive strategy for ‘Cloud First’

Here, your comprehensive cloud security strategy matches your firm’s “cloud-first” intentions, addressing security to, from, and in the cloud. Here’s what that means for companies:

  • Control access to cloud workloads based on user, device, role, and sensitivity

  • Deploy tools that provide visibility, analytics, and detection for cloud workloads

  • Deploy secrets management to avoid transferring sensitive data

  • Add additional protections for fast-moving and legacy applications.

Tech innovation: Protect the brand from advanced attacks of the data economy

The amount of software in your environment has exploded, and that doesn’t just mean the applications you are familiar with. For example, with emerging internet of things (IoT) solutions, each IoT sensor in your environment — and each connected product you make — adds more software that needs securing.

The difference is this software has hardware wrapped around it. IoT that connects the products you make allows your firm to differentiate on customer experience, but it also creates massive risks for your brand. Each emerging technology has an increased attack surface, and the data you collect is now at risk — sometimes in unique ways. The quality of your brand is now defined by the quality of the software and the quality of the hardware. Here’s what companies should do:

  • Deploy brand protection and monitoring tools

  • Automate application pre-release security testing

  • Make mobile and IoT applications tamper-proof

  • Guarantee the fidelity of web applications and workloads

  • Operationalise open source consumption by application development.

It is important to continuously map and understand risks. CIOs and technology leaders must ensure that security travels with the data and position data security and privacy as competitive differentiators. Firms must move to proactively protect customers from complex privacy abuses and cybercriminals. Through the adoption of “cloud first” strategy and protecting the brand from the advanced attacks of the data economy, organisations would be taking a step in the right direction.

About the authors: Jeff Pollard is VP and principal analyst; Stephanie Balaouras is VP and research director, and Amy DeMartine is principal analyst at Forrester

Jeff Pollard
Jeff Pollard
Stephanie Balaouras
Stephanie Balaouras
Amy DeMartine
Amy DeMartine

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags strategyCISOrisk managementprivacyCSOdata securityIPdata governancecommunicationsforresterCloud Governancereputationcybersecuritytechnology innovationCIO and CMOcloud firstethics of big datadata breachleadershipJeff Pollardreputational riskStephanie BalaourasAmy DeMartinebrand managementCIO and CSO

More about Streamline

Show Comments