GlobalFintechSeries Interview with Kenya Dixon, COO at Empire Technologies Risk Management Group (ETRM Group)
Financial institutions have been at the forefront of data security breaches in 2020. As a result, “Financial institutions need to use AI technology/Behavioral Analytics to monitor what everyone in a financial institution is doing and how they do it. Identifiable anomalies in behavior need to be unmasked and monitored as part of risk avoidance,’’ shares Kenya Dixon, COO at Empire Technologies Risk Management Group (ETRM Group) in this chat on data security issues plaguing banks today.
Tell us a little about yourself Kenya and your journey so far?
I am a lawyer (former litigator) and a technologist. I was a litigator for a long time and then went to Lockheed Martin for a few years. There, I was immersed in technology and the legal support world. I went to a technical high school (Brooklyn Tech) so I have always been around technology. I have served the government by working at the FDIC, FTC, and the White House. In the federal space, I learned infrastructure, cybersecurity, eDiscovery, information governance and information assurance. More importantly, I worked with many amazingly talented people who work hard at protecting the most attacked environments in the world. I am now in a position that allows me to set priorities and take the knowledge that I gained in the government and transfer it to the private sector. My mission is two-fold: 1. Bring intelligence community level skillsets and knowledge to the legal sector and 2. Provide the government with the types of resources I wanted when I was a federal employee.
We’d love to use this time to dive into key security / data security issues concerning global banks/financial institutions: how have you seen modern innovations in financial services also lead to more concerns around data and security?
Banks have been on target with regards keeping up with data security and data privacy risks. Unlike other commercial enterprises, they have the money to invest in data security and they do so. The hole in their security is with third parties that hold banking and financial data: law firms and legal support vendors. Law firms have been very slow to invest in protecting client data and because of that, the legal industry is being attacked and breached every day. Ransomware has become a huge threat to U.S. businesses because law firms are easy targets. When Covid-19 hit the U.S., foreign nation states and other malicious actors began an unprecedented assault on law firms and legal support vendors. Many law firms and clients have still not been able to retrieve data from ransomware attacks. The larger the firm or vendor, the bigger the attack. It is time for a national and global cybersecurity standard for law firms and their vendors.
This is not news to anyone in the fintech environment but – Policy, behavior, and monitoring and the Infrastructure within financial institutions needs to prevent casual use, it’s important to make use of behavioral analytics to catch harmful behavior before it impacts financial data, and continue monitoring and engaging with the intelligence community.
How are you seeing innovative tech companies change how the global finance market undertakes data privacy and security measures for highly sensitive information in the cloud?
The financial industry is up to speed on the technology but requiring cloud vendors to have auditable security in place can be challenging. Cloud vendors often have one-level menus that are take it or leave it. The big three in Cloud are safe, but expensive, and they are not necessarily willing to negotiate with customers. Customers need to negotiate security standards, data destruction policies and the return of data at the end of the relationship. Cloud vendors have not proven to be flexible in respect to security protocols or even data return or destruction. What is a news flash is that cloud vendors get subpoenaed and turn over client data without warning or informing the customer. Cloud is as safe as on premise, these days, but you risk having your data turned over to government actors without prior review or knowledge.
In what ways are you seeing emerging technologies like AI transform newer cybersecurity offerings and solutions today?
85 percent of breaches occur because of internal activity – most are not malicious but negligent in some respect. AI Analytics software can help with oversight of PII and industry data by predicting behavior before harm is done. I’m also seeing cyber training as a technology offering from several companies. Employee training is key to avoid breaches and the market is responding to this need. Training will make users think twice before clicking.
We’d love to hear your thoughts on the state of data issues and security in financial markets: what are some of the biggest threats providers need to keep more of a watch out for in the future?
I think foreign nation states can be the biggest threat and their weapon of choice – ransomware. Data from ransomware attacks ends up on the Dark Web. Investing in more cyber staff and new software is a must but also maintaining communications with government intelligence agencies like the Department of Homeland Security is very important. DHS is tasked with protecting us from attack and knowing what to look out for. Creating task forces, within your organization, of former military intelligence and government experts will keep you up to speed on the latest threats and the latest prescription.
Can you share a few thoughts on the evolution of cybersecurity platforms and how you see this market shape up in the future?
Cybersecurity is King. Because everything is data, data security is this generation and the next. Law firms are the weakest link, currently. They may not be subject to the avalanche of cyber regulations and laws that are coming but the industry will step into the breach. The Association of Corporate Counsel (ACC) has created and is in the process of launching a new Data Steward Program. That program will offer a data security accreditation to law firms and legal vendors. It will create a data security standard for the entire industry. The requirements are modeled after NIST, ISO and FedRamp requirements. The ACC Data Steward Program will lift the legal industry to new standards. Corporations, including financial institutions, will require their law firms to be ACC accredited before they trust their data to the firm. Competition will drive data security compliance within law firms and that’s a good thing.
Before we wrap up, what are the biggest learnings / tips you’d share with fintech/cybersecurity innovators and founders?
We are firmly and solidly planted in the technology age. Training on future technology offerings is key. Investing in employee development, growth and engagement is key to success.
The ETRM Group helps law firms, corporations and federal, state, and local governments protect data, leverage technology and optimize workflows. The company views cybersecurity as the foundation of every successful legal and technology process, whether it is eDiscovery, managed review or adapting to new standards like remote workforces. Its team of lawyers and technologists have more than 100 years of collective experience in cybersecurity and information assurance, having served the Department of Defense, the U.S. Department of Treasury, the Federal Trade Commission, the White House, Fortune 500 corporations, and more. The ETRM Group is an accredited services provider for the Association of Corporate Counsel’s Data Steward Program.
Kenya Parrish-Dixon is formerly the Director of White House Information Governance for the Executive Office of the President. She oversaw the e-Discovery and FOIA Unit, Digital Forensics Unit, Digital Forensics Lab, Records Management Unit and Information Assurance. Kenya rebuilt the digital forensics lab and modernized its capabilities. Currently, she is the General Counsel and the Chief Operations Officer for Empire Technologies Risk Management Group, a cybersecurity, Information Governance, eDiscovery and Managed Review corporate holding company.