If you were a bank robber, you would target the largest bank around to secure the biggest prize possible for the risk of committing the crime, right? The same is true for cybercriminals. They specifically target organizations in the industries that offer the greatest return for their crime. These unseen criminals are not stealing physical cash; they are stealing personal information that can grant them access to far more than what is in your bank account. The prime targets are industries that hold customer information in one form or another: banks, healthcare providers, and retailers, among others. Thankfully, our everyday institutions are fortifying their defenses against these cyber thieves by employing software solutions such as RSA Archer, which help reduce the likelihood of customer-data theft and fraud by tracking threats and analyzing patterns of risk before an incident occurs.
The banking industry holds enormous financial assets and vast databases of customer data, and is therefore a prime target for fraud. Big banks, along with other major organizations, have traditionally taken a non-integrated approach to governance, risk, and compliance (GRC), which hurts business performance and results in inefficient manual processes, poor visibility across the enterprise, and a patchwork of risk and compliance frameworks.
In a case study conducted by GRC 20/20, researchers examined how a large commercial bank achieved value through an enterprise GRC platform, RSA Archer. “Siloed GRC processes are ineffective at an aggregate level, as the organization does not have a complete view of GRC in the context of the business. Success in today’s dynamic business environment requires organizations to integrate, build and support business processes with an enterprise view of GRC. Without an integrated view of risk and compliance, the scattered and nonintegrated approaches of the past fail and expose the business to unanticipated risk” (EMC). The bank developed a strategic plan that rolled out 35 GRC programs designed to assess and evaluate risk across all lines of business. A few of those programs included control self-assessments; third-party risk and contract management; SOX control assessment and management; marketing material compliance and content review; quality assurance compliance management; internal audit management; and incident response management. RSA Archer let the bank use a common organizational hierarchy, asset repository, list of facilities, employee contact information, risk register, corporate policy set, and control library to establish relationships among all 35 programs, which resulted in greater efficiency, agility, and effectiveness across the business. Here are just a few examples of real results achieved from the implementation of Archer within the first year:
- Time to complete assessments and approvals reduced by 60%
- Saved the bank approximately $1.65 million
- Reduced the time and expense involved in managing previously disconnected solutions
- Reduced third-party risk overall
- Increased participation and effectiveness by 320% in product/service/control assessments
- Improved risk reporting and visibility for end users and executive management alike
At CyberSheath, we start from the cybersecurity processes themselves, and we use that knowledge and experience to help our partners get real value from Archer. To learn more about our Governance, Risk and Compliance service, click the link below to download a datasheet detailing our GRC approach for both government and commercial clients.