How Top Targeted Industries are Using RSA Archer to Stop Cyber Fraud – Part 1: Banks

By Eric Noonan • November 29, 2016

If you were a bank robber, you would target the largest bank around in order to secure the biggest prize possible in exchange for the risk associated with committing the crime, right? The same is true for cybercriminals. They specifically target organizations within industries that provide the most return for their crime. These unseen criminals are not stealing physical cash; they are stealing personal information that can grant them access to more than just what is in your bank account. The prime targeted industries are those that house customer information in some form or another, such as banks, healthcare providers, and retailers, among others. Thankfully, our everyday institutions are fortifying their security against these cyber thieves by employing software solutions such as RSA Archer, which help prevent customer data theft and fraud from occurring in the first place by tracking threat behavior and analyzing patterns of risk.

The banking industry maintains millions of dollars of assets and huge databases of customer data and is therefore a prime target for fraud. Big banks, along with other major organizations, have traditionally taken a nonintegrated approach to governance, risk, and compliance (GRC), which hurts business performance and results in inefficient manual processes, poor visibility across the enterprise, and a mixing bowl of risk and compliance frameworks.

A case study conducted by GRC 20/20 researched how large commercial banks achieved value through an enterprise GRC platform, RSA Archer. “Siloed GRC processes are ineffective at an aggregate level, as the organization does not have a complete view of GRC in the context of the business. Success in today’s dynamic business environment requires organizations to integrate, build and support business processes with an enterprise view of GRC. Without an integrated view of risk and compliance, the scattered and nonintegrated approaches of the past fail and expose the business to unanticipated risk” (EMC). The bank developed a strategic plan that rolled out 35 GRC programs designed to assess and evaluate risk across all lines of business. A few of those programs included control self-assessments, third-party risk and contract management, SOX control assessments and management, marketing material compliance and content review, quality assurance compliance management, internal audit management, and incident response management. RSA Archer allowed the bank to use a common organizational hierarchy, asset repository, list of facilities, contact (employee) information, risk register, corporate policies, and control library to establish relationships between all 35 programs, which resulted in greater efficiency, agility, and effectiveness across the business. Here are just a few examples of real results achieved from the implementation of Archer within the first year:

  • Time to complete assessments and approvals reduced by 60%
  • Saved the bank approximately $1.65 million
  • Reduced the time and expense involved in managing previously disconnected solutions
  • An overall reduction in third-party risk
  • Increased participation and effectiveness by 320% in product/service/control assessments
  • Increased ability for reporting and visibility of risk for end-users and executive management alike

At CyberSheath, we know cybersecurity processes first, and we use that knowledge and experience to help our partners get real value from Archer. To learn more about our Governance, Risk and Compliance service, click the link below to download a datasheet detailing our unique GRC approach for both government and commercial clients.
