Meet Harshit Mistry, championing cybersecurity and data privacy at GBST

28/01/2025

As we mark Data Privacy Day, a global initiative to raise awareness about the importance of safeguarding personal information, we sit down with Harshit Mistry, GBST’s Global Head of Information Security. With over 15 years of experience in cybersecurity and consulting, Harshit has dedicated much of his career to helping organisations navigate data privacy challenges in an increasingly digital world. In this People Spotlight, he shares his journey into information security, insights on current trends, and practical advice on protecting sensitive data.

 

Hi, Harshit! Can you tell us a bit about your journey into Information Security and how you came to lead the function at GBST?

Hello! My journey started in 2002 when I studied for a Bachelor’s degree in Information Technology. I’ve always loved technology’s ability to simplify life and connect people. While I aspired to grow into a management role, I didn’t want to lose touch with the technical aspects. This led me to pursue an MBA in Information Systems and Security, which set the foundation for my career in cybersecurity.

Over 15 years in consulting allowed me to work across geographies and industries, learning how different organisations perceive and manage risks. For some, confidentiality is critical; availability or integrity takes precedence for others. These varied experiences equipped me with the knowledge to address complex security challenges and ultimately brought me to GBST.

What does Data Privacy Day mean to you, both personally and professionally?

Data has become one of the most valuable assets in our personal and professional lives. Organisations increasingly leverage data models and AI to understand customer behaviour and improve services, but this comes with responsibilities.

For me, Data Privacy Day is a moment to pause and reflect. It’s about reviewing where my data is shared and ensuring I’m not over-sharing. Professionally, it’s a reminder for organisations to avoid over-collecting data and focus on responsible practices. Over-collection not only increases compliance costs but also adds unnecessary risks.

In your view, what are the biggest data privacy challenges financial services organisations face today?

The biggest challenge is managing data across multiple business processes and units while ensuring compliance. Financial services organisations must maintain updated data registers, track how data is collected and stored, and control access.

With hybrid and remote working models becoming the norm, risks such as data exfiltration and unauthorised access have grown significantly. Additionally, organisations face challenges around data retention—deciding how long to keep data and ensuring it’s not stored beyond necessary timeframes.

How does GBST ensure our clients’ data stays secure and compliant in such a fast-changing digital environment?

At GBST, we prioritise security by keeping things simple and foundational. For example, we avoid ingesting client production data into our environments unless absolutely necessary. When data is required for specific use cases, we ensure it’s stored in segmented areas with access controls and strict retention policies.

Our software solutions also play a crucial role in reducing risks. They enable clients to manage their data securely without needing to integrate it directly into our systems. By adhering to fundamental security practices, we ensure both compliance and client trust.

Is there a recent trend or development in data security that has caught your attention?

Two trends stand out: zero trust principles and AI-based security tools.

Zero trust is about treating everyone as outsiders until they’ve proven their identity and authorisation. This approach strengthens security by minimising trust and adhering to least privilege principles.

AI-based tools are also game-changers. They can detect anomalies, such as data appearing in non-designated areas or unusual user behaviours, allowing us to proactively investigate and address potential risks. These innovations, when built on strong foundational controls, have tremendous potential.

What advice would you give individuals and organisations looking to improve their data privacy practices?

Start by understanding your data—where it’s stored, how it flows, and its classification. Tools like data flow diagrams and discovery activities can help map your environment.

For organisations, it’s essential to implement controls aligned with the sensitivity of your data. Run threat scenarios to identify vulnerabilities, assess risks, and implement additional protections if needed. Finally, management must be aware of potential risks and the measures in place to mitigate them.

How do you balance strong security measures with user experience and business agility?

It’s a balancing act, but one that’s achievable. Strong security doesn’t have to come at the expense of user experience or innovation. If your foundation is strong, you can enable business agility while ensuring security.

Good user experience leads to happier customers, which in turn drives revenue and allows organisations to invest in security. It’s a triad—security, user experience, and innovation—all working together to create value. Ultimately, the balance depends on your risk appetite and industry priorities.

And finally, do your hobbies reflect your cautious nature outside of work, or are you into potholing and swimming with sharks?!

Swimming with sharks might exceed my risk appetite! Photography is my passion. I love capturing landscapes and nature. It’s a great way to unwind and stay motivated. While family time takes precedence, photography allows me to reconnect with myself and find inspiration in the beauty around me.
