sb-au logo
Story image

Let's not forget that RegTech is also about cybersecurity

26 Jul 2016

Regulatory Technology (RegTech) is becoming more of a tool to help organisations comply with automation and regulatory requirements, but Palo Alto Networks believes that they should be aware of how it will affect cybersecurity and the implications on busines operations.

“RegTech is a subset of FinTech, which refers to the use of new technologies in the financial services industry to improve operational and customer engagement capabilities. RegTech ultimately helps firms automate the more mundane compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations," says Sean Duca, vice president and chief security officer, APAC at Palo Alto Networks.

The disruptive nature of RegTech provides benefits such as dataset agility, faster report speeds and integration, and analytics that are capable of mining large and complex datasets, the company says.

However, there are downsides including the effects on cybersecurity because it is so powerful, Duca says.

“RegTech, however, is an attractive target for cybercriminals because it also provides the technology to pull, consolidate, and manipulate existing systems and data, and produce and report regulatory data in a more cost-effective, flexible, and timely manner. This means security will need to become as dynamic as the processes it is protecting. Businesses must consistently consider the value of their data, where the data resides, how well is it protected, who is protecting it, and who has access to it," Duca explains.

The faster speeds and complex data analytics mean businesses must take a real-time visualisation approach to cyber attacks. How well organisations do this will be a differentiating factor in their security posture, Duca believes.

Palo Alto Networks provides six considerations for RegTech systems:

  • What is the value of your data to your organisation and competitors?
  • Is a third party protecting your organisation? Do they know who can access sensitive data and what they have access to?
  • How and where is the data stored? If security controls can be focused on one area, it may reduce acquisition and utilisation costs.
  • What is the possibility of a data leak in the event of a hacking? Measuring the risk associated with keeping sensitive data lets you implement technologies and processes that will reduce both the risk and the cost associated with protecting sensitive data.
  • How secure is your data? What makes data sensitive, what is the content and value of that data, how do you audit your data and are you hoarding it when it may not be necessary? Shrinking the sensitive data footprint reduces cost.
Story image
Demand for VPNs soars in Hong Kong amid fears over Beijing crackdown
VPN provider Surfshark revealed it has seen a week’s worth of sales in just one hour within the city, indicating that locals feel their internet freedom is under attack.More
Story image
Vulnerability discovered in DNS recursive resolvers that can be abused to launch DDoS attacks against any victim
Researchers have discovered a vulnerability in the implementation of DNS recursive resolvers that can be abused to launch disruptive DDoS attacks against any victim.More
Story image
HCL takes over Broadcom’s Symantec security consulting
As part of the partnership, the majority of Broadcom's Symantec enterprise consulting team will transition to HCL.More
Link image
Webcast Series: Best security practices for a mobile workforce
Join an exclusive monthly webcast series to learn how to better secure your mobile workforce in the evolving threat landscape.More
Story image
ExtraHop brings SaaS network detection and response solution to market
"Reveal(x) 360 is the culmination of a multi-year R&D investment to secure data centre, remote sites, and cloud workloads with frictionless deployment and actionable insights that can be securely accessed from anywhere.”More
Story image
Endace and Palo Alto Networks launch integration to empower security teams
“The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.” More