News & Events

Cybersecurity Program Development Series – Part 1

Part 1: Market Trends Impacting Cybersecurity and Compliance Program Design

Mark Dallmeier, Contributing Author

MARKET TRENDS

Over the last five years a number of high-profile hacking and data breach events have created a tectonic shift in terms of executive level awareness and interest in cybersecurity. This website provides a visual image of the data breaches by date and size:

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.

As the media became intrigued with hacking and cybersecurity and began to sensationalize the criminal events and activities performed by various groups, executives and boards of directors became more aware of the risk that their organizations, employees and customers were facing on a daily basis.

These breaches exposed consumers and businesses to significant criminal exploitation and risk; the very thing that regulatory compliance such as PCI, HIPAA, SOX, NIST and others were created to mitigate. Based on these trends PCI, HIPAA and other regulatory bodies began to implement more aggressive enforcement of regulations, resulting in the increase of fines, penalties and other disruptive actions against organizations that have been breached or that are found to be out of compliance.

The increase in data breaches, phishing, ransomware and regulatory actions over the last 24-36 months has increased executive-level attention to and awareness of cybersecurity and regulatory compliance. This has led many executive teams and boards of directors to allocate more capital and operating budget towards cybersecurity and compliance. These groups are also beginning to work through the process of how best to measure, track, report and communicate about these topics among themselves and their management team, employees, vendors or partners.

At this point in time, there is significant work that needs to be done throughout the industry in terms of establishing effective cybersecurity and compliance risk metrics and measurements, how best to report against these metrics, and how best to communicate and collaborate about these topics. Cybersecurity and Compliance teams are struggling with how best to communicate with Executives and Boards of Directors about these topics, as the level of knowledge and understanding of cybersecurity and compliance topics at the Executive and Board levels of organizations is still developing. That said, the number of training and certification courses on these topics that are specifically designed for Board Directors and Executives is increasing significantly. Many Executive Teams and Boards still approach cybersecurity and compliance topics through two main lenses or perspectives: A) Are we fulfilling our Fiduciary Duty, and B) How do these topics impact our Risk Management program and approach?

Note: Vertek has completed a series of Executive Level Presentations on How to Communicate About Cybersecurity to the C Suite and Board of Directors. Reach out to us at www.vertek.com for a copy of those presentations.

The increase of threats and risks and the diversification of threats and attack methods are core items and trends to consider as companies attempt to design and build sustainable cybersecurity and compliance programs. At the same time, cybersecurity and compliance awareness, education, comprehension and communication at all levels of an organization are additional items and trends to understand and consider as a company begins to design and build its programs.

TECHNOLOGY & BUSINESS TRENDS

Below are a few additional trends to take into consideration while designing a cybersecurity or compliance program:

  • Security scans and services being performed by traditional Security Operations Centers (SOCs) are expanding. This expansion of scanning and services is beginning to transform the traditional SOC into a Security Intelligence Center (SIC). Security Intelligence Centers provide all of the same scanning, reporting and remediation support services that SOCs provide but also scan and report on threat types and activities at the local, regional, national geographic, financial and political levels. This provides a holistic view of cyber, physical, financial and military or criminal threats occurring across a country or within a specific state, city or physical location. Read more about this trend by viewing this video: https://www.darkreading.com/operations/from-soc-to-sic-transforming-security-operations-centers/v/d-id/1324523
  • Threats are becoming highly focused, more targeted and organized, and can be orchestrated utilizing unsuspecting human and cloud (or other) technology assets. There have been many recent alerts published by the federal government and various agencies such as the FBI about the increase of Phishing, Spear Phishing and Whaling. General Phishing is a broadcast email that is cast out to thousands or millions of email addresses at one time. Spear Phishing typically targets a group of people, an organization or a large number of organizations, while Whaling targets specific individuals and, through social engineering methods, spoofs or exploits those individuals, causing them to disclose passwords, send sensitive data, provide access to protected systems or wire transfer small or large amounts of money. These trends are alarming and increasing in frequency, but they can be directly mitigated with Security Education Training and Awareness, policy documentation and ongoing enforcement and education. Over the last 12-36 months the number of books, articles and presentations at major industry events such as RSA, Blackhat and Defcon around “Hacking the Human” has increased. Hackers and criminals are exploiting human nature and the general lack of cybersecurity and risk understanding, awareness or consciousness within employees and consumers. This is a “back to the future” trend where hackers and criminals are utilizing malicious physical techniques for committing crimes and fraud and blending those techniques with cyber-attack methods. These Social Engineering attack trends need to be taken into consideration when developing cybersecurity and compliance programs.
  • Cybersecurity and Compliance programs across most industry segments are still immature and are evolving. They are also still being integrated into larger, more established Risk Management programs. Using the CMMI maturity model as a baseline (0 being reactionary and unautomated, 5 being fully automated and proactive), a large percentage of organizations across most industries are at a low maturity level in terms of their cybersecurity and compliance programs. That said, with the rate of change occurring around threat types, methods and frequency, and the trends mentioned above, even organizations that have mature cybersecurity and compliance programs need to re-architect and optimize their architecture, organization design, service types and programs. This includes determining how best to integrate cybersecurity and compliance into existing Risk Management and Governance programs, models and methods.
  • Businesses and organizations of all sizes and types are targets, not just large global enterprises. Also, cyber insurance is becoming pervasive in the market. The majority of industry research published over the last 3 years has highlighted that small businesses across all industries and geographies are being targeted and are more prone to cyber-attacks. They also have a larger mortality rate post attack than larger, more financially viable companies. While cyber insurance is becoming pervasive, the need to have an experienced attorney and broker involved in the process is high. There are many exclusions and nuances to cyber insurance contracts that need to be considered prior to securing the insurance. These nuances can provide the insurer an opportunity to refuse coverage in the event of a breach or social engineering occurrence.
  • The government is becoming more active in terms of promoting cybersecurity awareness and assisting local businesses with responding to attacks. Over the last 36 months, the government has increased its awareness campaigns and regional activities to work with states, cities, local municipalities and commercial businesses and leaders to share information and intelligence on cyber-attacks and threats. Organizations such as InfraGard are actively involved with local businesses and leaders and work with the federal government and agencies to create information and intelligence sharing and distribution pipelines to better prepare organizations for threats and assist them with responses to cyber, terror or criminal attacks.

The trends mentioned above are critical items to consider when approaching how best to design a sustainable cybersecurity and compliance program.

Look out for Part 2 of this series that will cover Cybersecurity Program Design and Build Considerations.

Unified Communications and Work From Home is a Perfect Match!

by Kevin Slate

The number of companies using Unified Communications as a Service grew over 29% over the last few years, according to Synergy Research this year. Even before the pandemic, this is no surprise when you take into account the all-in-one platform features and flexibility of the technology. Some additional statistics published by UC Today include:

  • Over 75% of UCaaS users were more productive
  • 80% of respondents in a Frost and Sullivan whitepaper reported increased uptime as a major benefit to UCaaS
  • 74% of business CFOs say that the cloud will have the most measurable impact on their company’s transformation
  • 41% of respondents said UCaaS solutions could help them overcome specific challenges

Considering this, companies that adopted unified communications were optimally positioned to meet the needs of employees while giving customers a seamless experience whether the employee was at home or at the office.

According to RingCentral, UCaaS is arguably the most important tool for a remote workforce, and it’s crucial to make the right choice when it comes to selecting a UCaaS solution. Here’s what to look for:

Reliability: When teams work apart, any disruption to their ability to communicate with each other is a potential showstopper, in the worst sense of the word. If communications go down, the thread is lost, the meeting is over, and work can’t resume until your solution is back up and running. To reduce this risk, look for a provider that has all the backups in place to be able to guarantee 99.999% uptime SLA, ensuring that service is always up and running.

Security: Whether intentional or accidental, exposing company or customer data can be devastating to a business. And outside of the controlled office environment, the potential risk of a breach can be even higher. As such, best-in-class security is one of the most important things to look for in a UCaaS solution. Look for a provider that offers transparency and specificity about all of its cloud security practices, conducts third-party audits of its procedures, and can answer any questions you may have about its protocols. If your industry is subject to specific regulations, such as HIPAA or HITRUST, it’s important to confirm the provider understands and stays on top of the rules and is fully compliant.

Integrations: Communicating is just one of many tasks employees perform throughout the day. Whether it’s customer relationship management software, project management solutions, or something else, workers are likely using many other tools to get their jobs done. A UCaaS solution that integrates with other business solutions can reduce the friction, complexity, and wasted time that often results when employees are required to use multiple apps.

With all the benefits of UCaaS, companies should strongly consider unified communications to help drive the new normal of working from home. Clover can partner with your company to identify the right solution that meets the needs of your remote workforce. Contact Clover at sales@clovercore.com to learn more.

Customer Success! – A Local Regional Bank with Big Communication Needs

by: Kevin Slate

Recently, Clover was offered the opportunity to support a long-term banking client through challenges that they faced with their existing Contact Center as a Service (CCaaS) solution.

The bank has over 60 contact center users and faced daily challenges in deploying new products or services in a timely manner related to the pandemic and customer-facing technology initiatives. The bank’s technology team was frustrated at the cost of the solution as well as the lack of urgency related to change.

The Clover team quickly stepped in to support the bank by driving active changes to the current environment to support ongoing contact center operations. Once the environment was stabilized, Clover identified that the CCaaS solution that was being used for the customer wasn’t the right fit! While the bank had a comprehensive list of technical requirements, the solution fit was not optimal because the current solution was designed for much larger organizations with large support teams that specialized in contact center software. The bank was paying over one million dollars a year for the wrong solution!

Clover worked with the bank to identify and procure a solution that more appropriately aligned with the customer’s needs while not sacrificing any of the capabilities that the bank enjoyed from the current solution. Additionally, the new solution reduced the overall monthly spending by greater than 40% with no loss of features!

This type of challenge and success is common with organizations that use contact center solutions today. The Global Contact Center Software Market was valued at USD 18.14 Billion in 2018 and is projected to reach USD 53.65 Billion by 2026, growing at a CAGR of 14.5% from 2019 to 2026. Clover clients are utilizing contact center for digital transformation and taking advantage of nimble CCaaS providers that can meet the needs for a modern contact center solution.

Let Clover help you understand Contact Center as a Service (CCaaS) or assist in evaluating if your current solution is the right fit for your organization. Email Clover at sales@clovercore.com to learn more.

Vendor Spotlight – ControlNet

by Kevin Slate, VP, Technology

Recently, I spoke with Paul Lowrie, CEO of ControlNet, to find out about the latest member of the Clover solution portfolio. ControlNet is a leader in developing risk management and control solutions for enterprise customers.

Paul, what solutions does ControlNet provide and who is its clientele?

ControlNet provides risk management and control solutions. Our solutions are flexible, allowing organizations to link their current risk management platforms with our controls module and providing complete visibility of business-wide controls and checklists. 

For businesses needing an all-encompassing solution, we offer implementation of a full risk management program, providing end to end management of risk and control covering all three lines of defense; business, operational risk and audit. 

Our clients range from large financial services organizations such as Royal Bank of Canada who have deployed our software globally, to smaller boutique firms using ControlNet to strengthen their control environment. While our initial clients were in the financial services industry, the solution is industry agnostic and can equally be deployed in any industry sector.

What do you feel are the benefits of working with ControlNet versus your competitors?

ControlNet is a challenger to some of the larger players in the development of risk software. While the larger players have dominated the market, they are often using older, less flexible technology. At ControlNet we can be more agile in responding to our customers’ needs.

We pride ourselves on our ability to provide a stronger user experience, utilizing customer feedback to address the concerns and needs of our clients regarding their existing solutions.   

We put our customers first, with our primary focus on ensuring ControlNet addresses their requirements to reduce risk, increase business wide visibility and provide accountability for their control environments in a user-friendly way.

What is a recent success that you would like to highlight? How did ControlNet help the customer?

Let me share an abbreviated case study from one of our recent clients:

Who – Global Financial Services Organisation

Problem to Solve – Global Head of Operations based in London. Processing centres across the world. Lack of visibility of controls.

How did ControlNet help:

  • Moved paper-based and Excel spreadsheets into a single source for business controls
  • Evidence uploaded to the controls removed the need for evidence in SharePoint sites
  • Provided alerting to managers when controls go overdue or fail which allowed proactive management of control issues before they became error losses
  • Reduced costs across the business from the execution of controls to preparing reporting / MI

Business Case?

  • Green Solution – Paper based checklists discontinued
  • Cost Reduction – Fewer operational losses, fewer audit points / less time spent with auditors, less time managing controls, MI on demand
  • Demonstrable compliance with policies and regulations
  • Supported by external auditors

What would you say is unique about ControlNet in your industry?

Market research suggests that there are very few solutions able to provide control management at such a granular level. Most industry standard solutions focus on risks at an aggregated level, while the substantiation of the performance of the controls is often carried out on paper checklists or Excel spreadsheets.

ControlNet is unique by providing this necessary level of detail in one system. Each control can be mapped against business hierarchies, key risks, internal and external policies and regulations and company products. Evidence can be uploaded to support the status of the control, comments can be added and actions can be raised and assigned. Alerting capability can be implemented and a dashboard provides users full visibility of the control environment, allowing better management of all controls and the presentation of risks.

What are the biggest challenges that the primary industry you are serving faces today? What do you see on the horizon?

The primary challenge we see in the financial services industry is the volume of controls being managed across many different locations and in many different ways. MI is often reactive, provided in an inconsistent way and usually 3 or 4 weeks after the month for which the data is collected. ControlNet allows organizations to manage controls consistently and proactively, providing a real time view of the status of controls and corresponding actions.

The increased number of people working remotely, coupled with an increased requirement for the implementation of COVID-19 related checks and controls, means the traditional methods of paper-based and Excel checklists are no longer viable.

We are already seeing clients use ControlNet to automate responses by using AI technology and / or Bots. As this technology grows across industries we anticipate more automation of the control environment with even more proactive management of risk to mitigate error losses and risk events.

To find out more about ControlNet visit our website www.ctrlnet.net or contact sales@clovercore.com to arrange an introductory, no obligations demo.
