That’s a fact : the world is changing increasingly fast and becomes highly digital.
A significant increase of data volume
That’s a fact : the world is changing increasingly fast and becomes highly digital. Growth of data is exponential. IDC forecasts that by 2025, the global datasphere will grow to 163 zettabytes (163 trillion gigabytes), i.e 10 times of data generated in 20161.
Last year2, we emphasizes the emerging technologies in Finance such as Artificial intelligence and Machine learning. All these technologies require a huge amount of data to build the models, then to apply them on a daily basis, for experience, adjustment and production: data mining, data cleansing & sorting.
The more we go, the more data becomes critical in all aspects of our life.
And data remains everywhere in our professional and personal lives, from personal assistant to automated cars, from newspaper to financial reports. The more we go, the more data becomes critical in all aspects of our life. Level of criticality of data might be assessed: according to IDC, 10% is hyper-critical, 20% is critical, almost 90% is sensitive, but only less than a half being secured.
From a business perspective, risks are increasing at the same rhythm than technology: from malicious payments, to ransomwares, including all kinds of attacks, individuals and companies are widely exposed to cyber-criminals.
Only in France3, in 2017, 92% of companies have faced 1 or more cyber-attacks. 64% of companies will increase cyber-security budget this year and more than 40% are seriously considering cyber-insurance.
Opening the data?
Then, companies are facing a contradiction between the willingness to open and expose their data and IT systems, to create more valuable offers to their customers, and develop partnerships with other institutions and partners (such as FinTechs and RegTechs), and on the other hand the necessity to secure data and IT environments.
From a fortress model to an airport model
To solve this issue, a new paradigm is emerging from the security sphere: we are gently moving from a security model based on “Fortress” (nobody enters, everything is safe and secure inside) to a model of “Airport” (multiple zones, with different level of security adjusted on the level of protection of the data, adequately proportional to the risks related to the value of the underlying asset).
New EU regulations about data
GDPR regulation is about to be issued in Europe and includes some basic principles for data protection : among them, “privacy by design”, identification of data protection officers, and accountability of companies managing personal data. It also offers new and reinforced rights for EU residents, in a simple and explicit manner. All companies which collect, store and process EU residents personal data are concerned, including outside the European borders.
This harmonization across Europe of basic principles related to data protection is just a recall that protection is not an option to consider, it is at the heart of any new development of financial activity. And beyond personal data, we all know that the same principles should be applied to any data manipulated by our companies: privacy, transparency, and proportionality have been introduced for many years in local and EU rules and directives. Let’s just consider now them as part of our daily business, and information shared with our customers.
Protection is not an option to consider, it is at the heart of any new development of financial activity.
As trustful and long-lasting partners, banks and financial institutions are providing their customers with adequate level of security, to protect all kind of assets, during all phases of activity: safekeeping and securing transactions.
A common understanding with banks
The Digital economy forces banks and financial institutions to revise their security models as well; bringing confidence into their systems and the process linked to the dematerialization of information. Number of cases of frauds have shown in a recent past, that protection of data is not only a struggle between hackers and some IT specialists in cyber-protection, this might become the major risk against the safe of a company. Data protection is under the responsibility of everybody from the top manager until any operator in our systems, a common asset to manage carefully.
And the perimeter of the environment to secure is also moving rapidly, including all partners included in the value chain, from producers to final consumers. The purpose here is not to frighten everybody and stop making business, trying to avoid to exchange data. At the contrary, the objective is to increase number of exchanges, and share the business value linked with the quality of data we provide each other. But to do it carefully, managing the right proportion of security and confidence between partners.
Societe Generale protection strategy
At Societe Generale level, many actions have been put in place to secure data: creation of CERT (real time analysis of activity, potential frauds & attacks, analysis of weak signal thanks to AI & machine learning), increase of awareness programs & all-staff training about new cases of frauds (Advanced Persistent Threats, Social engineering), permanent surveys of inbound/outbound flows of data, identity management upgrade.
Identification of stakeholders in an electronic exchange is a way to bring the right level of confidence, and open the doors to the right friends. The data protection engages any part of the chain, consciously.
And, by analogy with Artificial Intelligence, don’t fear to be left behind, we get smarter by improving our systems, and protecting our assets. Just we have to remember that Darwin is still alive today : the ones which will not adapt data protection to the current risks may face major issues in the future.
(1) Data age 2025: the evolution of Data to Life-Critical, IDC White Paper, April 2017. (2) SGSS Tech magazine, Special Edition 2017. (3) Les Echos, Jan 23rd 2018, « Cybercriminalité : nette augmentation des attaques en France en 2017 » ; www.lesechos.fr/tech-medias/hightech/0301193349879-cybercriminalite-nette-augmentation-des-attaques-en-france-en-2017-2147347.php