IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Let's not forget that RegTech is also about cybersecurity
Tue, 26th Jul 2016
FYI, this story is more than a year old

Regulatory Technology (RegTech) is becoming more of a tool to help organisations comply with automation and regulatory requirements, but Palo Alto Networks believes that they should be aware of how it will affect cybersecurity and the implications on busines operations.

“RegTech is a subset of FinTech, which refers to the use of new technologies in the financial services industry to improve operational and customer engagement capabilities. RegTech ultimately helps firms automate the more mundane compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations," says Sean Duca, vice president and chief security officer, APAC at Palo Alto Networks.

The disruptive nature of RegTech provides benefits such as dataset agility, faster report speeds and integration, and analytics that are capable of mining large and complex datasets, the company says.

However, there are downsides including the effects on cybersecurity because it is so powerful, Duca says.

“RegTech, however, is an attractive target for cybercriminals because it also provides the technology to pull, consolidate, and manipulate existing systems and data, and produce and report regulatory data in a more cost-effective, flexible, and timely manner. This means security will need to become as dynamic as the processes it is protecting. Businesses must consistently consider the value of their data, where the data resides, how well is it protected, who is protecting it, and who has access to it," Duca explains.

The faster speeds and complex data analytics mean businesses must take a real-time visualisation approach to cyber attacks. How well organisations do this will be a differentiating factor in their security posture, Duca believes.

Palo Alto Networks provides six considerations for RegTech systems:

  • What is the value of your data to your organisation and competitors?
  • Is a third party protecting your organisation? Do they know who can access sensitive data and what they have access to?
  • How and where is the data stored? If security controls can be focused on one area, it may reduce acquisition and utilisation costs.
  • What is the possibility of a data leak in the event of a hacking? Measuring the risk associated with keeping sensitive data lets you implement technologies and processes that will reduce both the risk and the cost associated with protecting sensitive data.
  • How secure is your data? What makes data sensitive, what is the content and value of that data, how do you audit your data and are you hoarding it when it may not be necessary? Shrinking the sensitive data footprint reduces cost.