14 December 2017
Eugene Land

50208

Eugene Land - BT

1Posts 6,791Views 0Comments

The rise of holistic surveillance: a disruptive approach for cyber security and regulation

08 June 2017  |  6792 views  |  0

Compliance, information security and HR departments are embracing smart surveillance technologies to help meet their obligations. But many struggle to adopt a holistic surveillance service that works across multiple departments and multiple people. So what’s the answer?

‘Regulated compliance’ and ‘cyber security’ have been used to justify many investment cases.  As a result, banks have invested tens of millions to optimise and improve their surveillance capabilities on the trading floors, in contact centres and in branches.  But this resulted in individual people and departments often opting for very different surveillance solutions, resulting in operational silos when seeking to address rogue conduct.

With the scope of regulation expanding every year combined with the ever increasing need to counter the ever-growing cyber threat, many executives are questioning whether these silos can actually deliver a transformational change in surveillance.  Senior management teams are increasingly seeking a disruptive approach that addresses both cyber security and regulatory expectations, by embracing holistic surveillance.

So what is holistic surveillance?

Holistic surveillance involves the consumption, monitoring and analysis of structured data (e.g. transactional data) and unstructured data (e.g. voice calls and chat messages). This provides a proactive contextual, top level view of the department/organisation that in turn helps to identify rogue behaviour.

Experts recommend that to adopt holistic surveillance banks should:

  • ensure all structured data and unstructured data is captured, index and harmonised enabling deep analysis of all the banks data;
  • define and then procure services that addresses the surveillance needs of the compliance, information security and HR teams;
  • ensure machine based learning lies at the heart of any holistic surveillance investment as rogue employees will adapt to try and circumvent detection; and
  • move from feature based pricing to a holistic price per monitor user model where the addition of new features doesn’t incur incremental costs.  Every cyber or compliance officer knows rogue behaviour will adapt to avoid detection and no one wants to keep writing new business cases to secure new functionality from a software release. 

1. The barriers to adopting holistic surveillance 

There are three main hurdles that need to be overcome in order for firms to implement a holistic surveillance model:

Fragmentation of bank’ surveillance teams and slow uptake of unified communications systems

The average bank today has at least four surveillance ‘towers’, including:

 

  • ‘A-Comms Tower’ for all audio surveillance (e.g. desk and mobile voice);
  • ‘E-Comms Tower’ for all electronic surveillance (e.g. instant messaging, chat, other apps);
  • Information Security monitoring devices & the perimeter firewalls protecting from the insider threat of rogue conduct;
  • ‘HR Tower’ to ensure the health and the well-being of the bank staff by monitoring excessive working hours and/or inappropriate conversations with work colleagues.

 

Each of these surveillance towers often have separate operating teams, resulting in a highly fragmented surveillance system.  This could be further complicated if a bank operates separate branches for retail and investment activities.  It’s also important to remember each of these teams have their own priorities.

Slow uptake of unified communication systems

It used to be a matter of pride that the trading floor was optimised to solely work for the regulated trading floor users.   But today banks seek to ensure the UC collaboration services adopted by the enterprise can be seamlessly consumed on the trading floor and by extending UC to the trade floor, a broader approach to holistic surveillance of enterprise communications is required.  Verint, for example, now has a single platform which is able to capture that holistic UC infrastructure.  These types of changes will help banks start their journey towards holistic surveillance throughout the enterprise.

So where to start with the adoption of holistic surveillance? 

We see this as a three step process: 

Start with your key stakeholders - Bring together the compliance, information security and HR departments to tackle the issue of fragmented processes and technologies to address rogue conduct.  Document and define what holistic surveillance looks like for your company.  Challenge your executives to buy into “one holistic surveillance programme” to tackle the ever-expanding cyber security and compliance budgets.  

Focus on the data and contextualise it. Most surveillance partners can automate the ingestion of structured data, however the contextualisation of unstructured information has until recently often been represented in silo dashboards.  The ingestion of unstructured data alongside smarts including machine learning and behavioural analytics ensures banks can gain a contextual understanding of what is being said to whom, helping you to focus on the data that matters.

Challenge your partners to show you customers that have adopted their holistic surveillance technology. Better still ask your technology and infrastructure partner to jointly work with you investing their time in a pilot to quickly demonstrate the business outcome of holistic surveillance.  Pilots have the ability to capture executives’ attention helping you secure both the funding and sponsorship you need to implement holistic surveillance.

TagsRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Eugene

Eugene's profile

job title Head of Compliance
location London
member since 2017
Summary profile See full profile »
Responsible for transforming BT's Global Banking & Financial Markets compliance portfolio. Helped to move the offering from a single product category fixed recording to a multi-product portfolio help...

Eugene's expertise

Member since 2010
0 posts0 comments
What Eugene reads
Eugene writes about
Risk & regulation
Eugene's blog archive
June 2017 (1)

Who's commenting on Eugene's posts