Panaseer, an enterprise cybersecurity company, recently established a new Advisory Board that includes prominent figures in leadership, sustainability, business, and security. The Advisory Board will advance Panaseer’s vision of preventing cybersecurity incidents through effective measurement in risk management and help accelerate the widespread adoption of Panaseer’s Continuous Controls Monitoring platform, with a focus on large financial service enterprises. The Advisory Board will be chaired by Robert Swan, OBE, a renowned leader and explorer, who was the first person in history to walk to both the North and South Poles.
Nik Whitfield, a cyber-security thought leader with extensive cyber-security and FinTech experience, is the CEO of Panaseer.
What has been the Panaseer response to financial technology innovations nationally?
As consumers, our lives are increasingly dependent on enterprise services from the likes of our banks, insurance companies etc. To protect our wellbeing, we need to protect those services and our data within those companies. We need to be assured that those services are going to be up and running and working for us when we need them.
However, despite the increasing billions of pounds invested in cyber-security, the frequency and cost of cyber incidents have increased. And even though there is a near-daily stream of new products and technologies coming out of start-ups and established security vendors, the problem continues to get worse.
My fellow Panaseer founders and I thought we could see the hole in the cybersecurity defences in the companies we rely on, and we believed we could fill the hole using the latest technology and data science: this was how the idea for our proposition – Continuous Controls Monitoring – was born.
How has this changed over the past few years?
Financial services companies have hundreds of thousands of devices, tens of thousands of employees, thousands of applications, volumes of data which defy accurate nomenclature, and all of this distributed on different technology platforms, in different business lines, regions. No wonder security teams are hard-pressed to keep track of every detail and make sure everything is accounted for and secure.
Cybersecurity risk assessments were being done manually at a ‘point in time’, so they were subjective, incomplete and inaccurate – and out of date by the time they were written.
We wanted to keep companies secure and reduce their cost of compliance, so we automated this process. We developed a technology platform that automatically joins security, IT and business data, from all the different vendor technologies in an enterprise, stitches it all together, and creates the most valuable security metrics over that data for different stakeholders.
Basically, it allows the company to understand ‘What assets have we got? Are they well defended? What do we need to do next to improve security?’ It’s sophisticated technology, but what it does is simple really – visibility, measurement and remediation for cybersecurity risk.
How have you created a culture of change inside the company?
The main reason I founded Panaseer had nothing to do with cybersecurity. I had some ideas about how we could build a company where people really enjoyed their work, felt a sense of mission and could learn about staying well and becoming leaders. I wanted to build a high performing company with a compassionate culture.
After years of work we have just launched a company values programme, which is designed to enable Panaseer employees to feel empowered to be authentically themselves, engage their curiosity and work together to create something truly unique.
What Fintech ideas have been implemented?
Product developments over the last year have included the integration of our platform with RSA Archer’s platform – the standard Integrated Risk Management platform (GRC in old money) in large financial institutions – which enables automated continuous controls, risk monitoring and assurance.
Technology powers all facets of the enterprise but it is hard to relate the relevant security risks to different areas of your business. We launched a world-first in security with our ‘Business Risk Perspectives’ capability, which enables enterprises to continuously monitor security risk for specific business critical services. This enabled customers to understand their security risk where it matters most.
What benefits have these brought?
Traditionally, Integrated Risk Management practices have relied on manual, human-driven approaches to self-assess and assure that controls are deployed and implemented correctly. With our integration with RSA Archer, IRM practices that require data to be collected and analysed can be automated with near real-time insights that are easily scalable. Security metrics may sound boring, but for those in the know, this is a super-smart trick to pull off.
Interestingly, Continuous Controls Monitoring has just been recognized for the first time in the Gartner 2020 Risk Management Hype Cycle, and we have been listed as an inaugural vendor. There hasn’t been a new security category in the Risk Management Hype Cycle since 2016, so we feel delighted that a technology we have been tirelessly promoting has been added – especially as Gartner rates the benefits of CCM technology as ‘high.’
Do you see any other industry challenges on the horizon?
Security visibility and measurement is a massive challenge in cyber. Complex and fragmented IT environments have compounded the challenges for security teams. These issues are being exacerbated by the sheer number of security tools in use. Last year we surveyed over 200+ enterprise security leaders – the results indicated that, on average, enterprise security teams are grappling to manage an average of 57.1 discrete security tools. Over a quarter of respondents (26.5%) claimed to be running 76+ security tools across their organisation.
Unfortunately buying more tools does not equate to enhanced security. Ironically in many cases they impair visibility and cause bigger headaches as they often integrate poorly, have overlapping functionality and gaps in coverage.
Can these challenges be aided by Fintech?
It’s a challenge we are committed to solving. Security measurement is an opportunity to enable greater speed, error reduction and crucially enhanced visibility. We’re committed to continued innovation and product development to cover more areas of cyber, to introduce more automation, reach more stakeholder groups in the enterprise, and make sure we’re employing the best technology to achieve that aim.
Any final thoughts?
The last couple of years we have been tirelessly working to engage and educate the security market on the opportunity for our Continuous Controls Monitoring platform, whilst enhancing our capabilities to address current and emerging assurance audiences.