With a major data privacy scandal involving Facebook, a crippling ransomware attack on the City of Atlanta in the US, and a $2 billion fraud at Punjab National Bank in India, we take a look at some of the biggest news stories that have dominated the GRC space in the first few months of 2018.
Mark Zuckerberg, Facebook’s CEO, recently testified before Congress on the alleged harvesting of personal data by Cambridge Analytica – a third-party data analytics firm – to influence the 2016 US elections.
The scandal, which reports say involved the personal data of more than 70 million Americans, has led to a public outcry, prompted #deletefacebook, and shaved off over $80 billion from the company’s stock value since the incident was uncovered. The social media giant may also be at risk of hefty fines for possibly violating an FTC privacy deal.
With public trust in Facebook diminishing, the company has had to postpone the launch of its smart speaker for a “better time.”
After WannaCry and NotPetya last year, cyber-attacks have intensified – this time, it was the City of Atlanta in the US that was the victim. The attackers, who reportedly hobbled several internal and public services, demanded a ransom payment in bitcoins in exchange for unlocking systems. The incident was serious enough for the FBI to get involved in the investigation.
According to a New York Times report, the attack has unnerved security experts. One security intelligence analyst noted that attackers are constantly learning from their mistakes, and evolving their code before launching the next assault. With growing concerns around these issues, it isn’t surprising that the US has devoted $380 million of its spending bill to election cybersecurity.
The news of how one of India’s richest men, who until recently was on Forbes’ billionaire list, defrauded the country’s second largest state-run bank of over $2 billion, sent shockwaves across the Indian banking sector. Nirav Modi, a diamond jeweler, and his uncle, Mehul Choksi, reportedly colluded with Punjab National Bank (PNB) officials to get credit through fraudulently issued papers. But how did one of the largest frauds in recent banking history in India go undetected for over 6 years?
As the story unfolded, reports emerged of how auditors failed to detect the scam for a long time with multiple audits failing to raise an alarm. The fall-out of the scam has led to the creation of the National Financial Reporting Authority (NFRA), a new watchdog for the auditing profession with sweeping powers to act against erring auditors or auditing firms.
A massive breach of trust at one of the biggest names in Silicon Valley, also a reputed social media giant, has led to public outrage, and highlighted yet again the importance of better controls for data privacy and data protection. As concerns grow over the use of personal data by companies, there are calls for more extensive data privacy laws. Europe appears to be leading the way with the General Data Protection Regulation (GDPR), but it remains to be seen if the US will follow suit.
With cyber-attacks continuing to exploit system vulnerabilities, holding governments ransom, and threatening to override democracy, there will be a renewed focus on cybersecurity and the protection of critical systems.
Meanwhile, in emerging Asian markets such as India, recently plagued by scandals and scams, we are likely to see the beginning of a new era of not just regulations, but also of increased scrutiny and enforcement.
According to research from a leading IT firm, nearly 90 percent of the data in the world has been produced in just the last two years. Though a bit of a buzz phrase these days, big data is as important as the internet itself to many businesses today, for a number of reasons. The simplest explanation of how big data benefits businesses is this: It provides the insights needed to make more confident decisions, take faster actions, improve operational efficiencies, minimize risks, and reduce spending.
The sudden emergence of the whole phenomenon around the data explosion has been the result of the pervasive use of mobile devices and the large volumes of data generated from web-based purchases, mobile activities, and social media interactions. As the massive volume of data and computing platforms continues to proliferate, the absence of thorough reassessments and thinking around information processing paradigms of the past will leave today’s enterprises ill-prepared to deal with this new (IT) normal.
Enterprises have to realize the obvious fact that big data is an immensely powerful concept, and information is a strong business asset. Managing large volumes of homogenous data is something that organizations of all kinds can benefit from; spanning retail, social networking, science and research, clinical trials, CRM, operational activities, transactions and more. The real challenge for organizations today is to move beyond the data volumes and data storage obstacles to assess the true value of available data to reduce overall internal audit or compliance field work costs. The vast majority of enterprise businesses are faced with the challenge of decoding large volumes of homogenous, inconsistent, or inaccurate data — often referred to as “bad data.”
Industry analyst Doug Laney encapsulated the characteristics of big data using the three Vs — volume (the quantity of data), velocity (the rate at which data is generated and changed) and variety (the number of different data sources and types). Many are also adding characteristics such as “complexity,” “veracity” and “variability” to their understanding of the concept.
An accurate analysis of big data helps enterprises with better insights into their customers, market opportunities, growth prospects, and corporate performance. This strategic analysis of large volumes of data enables organizations to achieve higher-quality results in their own internal audit and compliance processes, thus enabling them to establish more effective governance, controls, and monitoring mechanisms.
With the skyrocketing number of transactions and evolving compliance requirements and regulations, big data analysis offers endless opportunities for enterprises to mitigate key governance, risk, and compliance issues. Just as big data analytics can lead to more targeted marketing initiatives by analyzing marketing program responses, supplier activities, customer demographics, and sales patterns, effective analysis of massive volumes of structured and unstructured data can also enable organizations in the Governance, Risk and Compliance (GRC) space to:
Big data analysis should become a core component of every organization’s operations, performed on a continuous basis, spanning areas such as payment or billing transactions, payroll, social media analysis, sales, operational processes, and compliance. For many organizations, especially in highly scrutinized and regulated industries such as healthcare, finance, and insurance, big data analysis can support Enterprise Risk Management (ERM) by helping monitor risks involving loans, claims, and patient care procedures.
Simply stated, integrating big data analytics into an organization’s GRC methodology will help pave the way for a truly data-driven organization.
Welcome to the initial entry of this blog! In subsequent posts, I’ll discuss competitive trends I’m observing in the GRC market along with other issues that will affect GRC vendors.
Earlier in my career, I had the opportunity to work in the CRM industry and saw directly how that market grew, matured and eventually consolidated. In many ways, today’s GRC market is similar (buyers still learning what GRC means to them, no dominant market player, little M&A activity to date) to how the CRM market appeared in the early 2000s.
Thanks for joining and I’m looking forward to speaking with you.
Warren