MAY 2019

drawn between the two areas. As organizations evolve their security and fraud strategies, they can greatly benefit by looking for ways to find synergies between all of their risk-related programs.

Shifting the Mindset to Holistic Risk

The most forward-thinking technical organizations today have started to shift their focus to implementing an across-the-board, holistic risk management strategy. In tactical terms, this means that they are starting to break down barriers between the cybersecurity and fraud functions and implementing cross-functional teams that help look at risk across all network, system, application and product assets. For example, in many credit card issuing banks, the cybersecurity team often reports to a CIO or COO function, while credit card fraud detection or investigation teams often report to a business unit or CRO function. On a daily basis, their operations, intelligence and processes rarely touch and, even in the most mature banks, collaboration between the two groups is often limited to when incidents occur.

In a more progressive model, organizations need to look at holistic risk and build teams that are effective and agile enough to address all possible interlinked risks between multiple function areas. Threat intelligence and indicators of compromise should be shared between all parties, and systems should ideally be able to analyze threats automatically.
For example, if a fraud team detects suspicious login activity from a specific IP address and device fingerprint, this information should be shared with a cybersecurity team to further analyze potential threats coming from these actors.

While it's often difficult to break down the walls between traditional fraud and cyber organizations due to historical, cultural or budgetary reasons, organizations can start small by focusing on greater collaboration between teams, coupled with simple data sharing strategies. An hour-long knowledge sharing session between security engineers and fraud analysts can result in significant benefits. A single criminal case identified from this type of collaboration could easily result in savings that far exceed the time invested in such an exercise.

The Market Approach Today

The current shift in mindset that I've been describing has impacted my organization's go-to-market strategy significantly over the past several years. Aon Cyber Solutions Group is a full-service cybersecurity firm that helps provide proactive and reactive cybersecurity solutions for many of the largest enterprises in the world. However, our product and service offering has evolved over the years to also focus on comprehensive risk management, rather than purely "technical" cyber remediation work. Clients are looking for service providers that can assess the full spectrum of risk that exists within an organization, while proposing practical solutions to address them. In addition, the stakeholders we typically interact with have evolved from primarily the CISO/CIO roles to a wide variety of stakeholders, including CFOs, CROs and business owners.
This further reinforces the notion that fraud and security are no longer concerns that should live only within the CISO/CIO realm of an organization, but should engage all aspects of the C-Suite.

The reality of the world is that it's nearly impossible to solve every risk with technical solutions, no matter the size of the budget or intelligence of your teams. As a result, we've evolved and enhanced our approaches to offer clients a combination of proactive advisory work, world-class cybersecurity technical services and risk transfer (insurance) solutions to address all risks across the spectrum. Whether you are using an outsourced service provider or building an in-house team, we advise that all organizations use a similar approach to ensure you are protected before an incident, and are sufficiently prepared to handle the recovery and remediation necessary after a major fraud or security incident occurs.