Automating the security function
Automating the security function
We’re seeing a convergence of data in the interest of automating security from identity authentication through threat detection and response. A broad set of know-your-customer (KYC) data is being gathered and analyzed by many sectors, including financial services, eCommerce/retail, technology, media and telecommunications, and automotive, among others. This information typically has been heavily siloed. But companies are beginning to realize they are sitting on a treasure trove of data that—if better organized and made more efficiently accessible— can be extracted and analyzed for a variety of value-added purposes.
The landscape as we see it
Companies are working hard to automate functions that until very recently have been purely manual, by pulling together historically disparate data sets.
Not only are businesses better able to confirm that digital customers are who they say they are, they are also acquiring deeper information, such as who has a virus on their computer, who recently received a phishing email, and who tried to enter a network to which they don’t have access.
Security professionals are combining third-party tools and in-house solutions to automate as much of the overall cyber playbook as possible, and align it with the organization’s business development and customer experience objectives. Companies are looking to automate the first and second lines of defense via the cloud to better respond to threats across the enterprise without a human having to do that work, while simultaneously confirming that the security controls they expect to have in place are indeed operating as expected.
What we believe you should do about it
Always remember: Whoever controls the data has the power. With that firmly in mind, the first step is to transfer your critical enterprise data from the different third-party vendors that so many companies maintain across their systems into a centralized, accessible location.
We also suggest advocating for a data normalization initiative within the organization to scrub and properly label the data so you understand what data you have, how it’s being posted, and what features are available within the datasets.
Organizations in the early stages of maturity in terms of data normalization may not be equipped to jump right into insight extraction through AI and machine learning. For these companies, it’s important to prioritize the use cases they want to address—fraud detection, customer experience enhancements, operational efficiency improvements, for example—and determine how to plug in the right tools, technologies, and advanced analytics to leverage the data once it’s available.
The excerpt was taken from KPMG article, All hands on deck: Key cyber security considerations for 2020”.
© 2024 R.G. Manabat & Co., a Philippine partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://kpmg.com/governance.