Recently, Capco consultants sat down in an intimate forum with chief information security officers (CISOs) from several mortgage lenders to hear what was on the top of their minds and learn about several of their most important cybersecurity initiatives. These lending organizations cover a wide spectrum of sizes, service offerings, and geographic footprints, but they shared several common struggles.
Safeguard all vectors, regardless of budget. Cybersecurity budgets vary, but all companies are expected to cover the same bases in terms of securing the organization and its customer data. Cloud security, remote and distributed workforces, governance, third-party risk, and data privacy are just a few of the many challenges facing mortgage lenders.
Foster cybersecurity culture. The industry has a long history of paper-based transactions that still affect behaviors today. Despite digitization efforts and numerous collaboration solutions, employees and partners still share information on insecure channels and stonewall efforts to move the user experience to secure platforms.
Buy today, secure it tomorrow. When choosing technologies, mortgage lenders slant heavily toward a “buy and integrate” mindset over building their own platforms. This allows these organizations to take advantage of security investments made by vendors, but it often leads to a large and fractured ecosystem of SaaS offerings. Individual business groups often buy these products directly, bypassing vendor management or third-party risk governance processes. Cybersecurity becomes an afterthought and security teams must layer security into these new services without affecting user experience or performance.
CISOs have various ways to mitigate these challenges, but there are three areas that continue to emerge as focus areas for this year:
Employees will also look for the path of least resistance to receive customer files quickly and prevent burdens on the customer. These actions involve sensitive data being sent over unsecure or unauthorized channels that put customer data and regulatory compliance at risk. Consider leveraging email inspection and data loss prevention (DLP) tools to intercept and encrypt messages or replace with a link to a secure file share.
The challenges and initiatives the CISOs shared are relevant for mortgage lenders of all sizes and for many organizations outside of the lending space. The discussion showed that organizations recognize the importance of cybersecurity, but taking the secure path is not yet the default mindset.
For more information on these topics and how Capco has helped clients with efforts like these, please contact Robert Furr at Robert.Furr@capco.com.