July 30, 2020 By Kanad Jha 4 min read

Many business leaders struggle to efficiently respond to risk and compliance needs because of the complex regulatory landscape, ever-evolving risk scenarios and inconsistent internal processes. Only recently have organizations embraced enterprise integrated risk management (IRM) tools to overcome a siloed approach to managing risk and compliance data.

The advent of these tools has brought people, processes and data closer, resulting in enhanced operational efficiency and governance. Enterprises aspire to get a holistic view of the risk and compliance posture of their organizations. IRM tools facilitate this by providing persona-specific context around data.

The right data at the right time is essential for business managers to make risk-aware decisions. However, a manager trying to evaluate a technology must also be aware of a technical weakness. To assess the risk accurately, information on system criticality and on upstream and downstream processes must be available. For example, two similar databases with a similar vulnerability (one containing personally identifiable information and the other containing transaction logs) will have very different regulatory risk impacts.

Today’s advanced technologies can provide the necessary efficiencies in the IRM space by supplying deeper insights into existing data. Learn more about which specific technologies can provide positive advantages.

Integrated Risk Management and Modern Tech

IRM solutions rely on data points provided manually or captured from external data sources. They are integrated with multiple third-party tool sets to achieve specific objectives and derive maximum value. Examples include the integration of a vulnerability management tool to gather weaknesses in IT assets or the integration of security information and event management (SIEM) to handle cyber incidents.

Both integrations serve a bigger purpose in terms of governance. Vulnerability data can be used for risk management. SIEM data can be used to create incident metrics and evaluate the organization’s cyber risk exposure. Thus, IRM tools continue to be the central tool in the cyber security universe, into which all supporting tools feed data. Leaders get a single, effective view of much of the interconnected data. And advanced technologies, such as robotic process automation (RPA), artificial intelligence (AI), blockchain, and security orchestration and automated response, can offer an even deeper look into this data.

Robotic Process Automation

Organizations are using this technology to reduce manual, repetitive tasks and become more efficient. In an established process, a large number of processes can be fully or partially automated using RPA technology.

According to the National Association of Software and Services Companies, RPA implementation can help companies with a “cost reduction of 35% to 65% for onshore process operations, a 10% to 30% reduction in offshore delivery and an investment recovery period as short as six to nine months.”

Some IRM processes that can be optimized using RPA technology are:

    • Control Testing: A large number of controls that are analyzed manually can be automated using bots. The possibility of automating administrative controls testing can also be explored. This could reduce the control testing life span significantly.
    • Metrics Analysis: Organizations rely on metrics data to monitor a variety of aspects, such as risk, performance and improvement areas. Gathering the metrics periodically and analyzing the trends using bots can result in operational efficiency.
    • Internal Audit: Use of RPA in audits will remove an auditor’s repetitive tasks and allow them to focus on more critical tasks. Some tasks might include evaluating backup logs, reviewing administrative privileges, extracting data for change management review, tracking evidence collection and preparing reports.

AI

International Data Corporation predicts by 2024 enterprises powered by AI will be able to respond to customers, competitors, regulators and partners 50% faster than those not using AI. Use of AI in existing processes can bring in efficiency by predicting and providing recommendations. Business leaders will be better prepared to respond to situations as they unfold. AI use cases with an IRM are:

    • Mitigating Control for Risk: A great deal of responsibility rests with the risk management team of the organization to manage its risk universe and propel the organization to growth. AI plays an important role in predicting new risks and suggesting mitigating controls. Changes in the external scenario can give rise to a new risk or modify an existing risk. In both cases, AI can be very efficient in predicting a new risk or suggesting mitigating controls for existing risks. This technology analyzes the effectiveness of existing mitigating controls and suggests alternative corrective actions.
    • Risk from Unprecedented Events: The failure of a server can be evaluated with greater accuracy by seasoned risk managers because these events are not that uncommon. However, global events, such as Covid-19, are rare, so evaluating risk for these events can be difficult. Relying on AI predictive capability can come in handy in such situations.
    • Reputational Impact: How an organization is perceived in the marketplace has evolved as one of the key parameters to ascertain the reputational impact of the company. Sentiment analysis through social media posts related to an organization can provide a wealth of knowledge in this space. This concept is used in a third-party risk management process or to analyze the quality of services a vendor offers.

Blockchain

The coronavirus has provided a reality check for organizations’ business resiliency strategies. Companies have started focusing on third-party risk management. During this crisis, many entities are also going out of business because vendors could not supply the agreed services. Or, vendors are going out of business because clients couldn’t honor commitments. Plus, small-scale vendors find it hard to spend exorbitant legal fees to create binding contracts. They also refrain from participating in larger contracts for similar reasons.

Blockchain smart contracts can be an effective way to deal with these situations. Smart contracts are small programs that are executed automatically when trigger conditions are met. For example, the transfer of funds to a car seller immediately triggers the ownership transfer process.

Currently, this is best suited to handling payment milestones and penalty transactions from a contract. When client and vendor are on-boarded to the blockchain ecosystem, fourth-party management and vendor performance metrics become easier.

Security Orchestration and Automated Response (SOAR)

Organizations are embracing various tools to provide efficiencies to security operations. SIEM helps organizations to collect security incidents. SOAR helps triage and handle the incident effectively. Traditionally a SOC team uses a playbook or task list based on an incident category to troubleshoot security risks. This technology can help automatically take actions against predefined tasks. Common use cases are:

    • Analyze whether a failed login attempt is genuine or an indication of a brute force attack
    • Maintain baseline across assets and execute a patch remotely
    • Crosscheck signature across intelligence tools and execute blocks
    • Reporting and dashboards

These technologies free up SOC analysts to perform more critical tasks, including critical incident investigation and forensic analysis.
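The first use case above, deciding whether failed logins are genuine or a brute force attack, can be sketched as a small playbook step. This is an added example, not code from the original article or any SOAR product; the thresholds, verdict and action names, and the sample events are assumptions constructed for illustration, and it goes slightly beyond the text by also separating failures spread across many accounts (password spraying).

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_FAILS = 5                  # assumed failures per source within WINDOW
MAX_USERS = 3                  # assumed distinct accounts that suggest spraying

# Constructed sample events: (timestamp, source IP, account, outcome).
EVENTS = (
    [("2020-07-30T09:00:05", "192.0.2.10", "alice", "FAIL"),
     ("2020-07-30T09:00:40", "192.0.2.10", "alice", "OK")]
    + [(f"2020-07-30T10:00:{s:02d}", "198.51.100.7", "admin", "FAIL")
       for s in range(0, 40, 5)]
    + [("2020-07-30T10:01:00", "198.51.100.7", "admin", "OK")]
    + [(f"2020-07-30T11:00:{i:02d}", "203.0.113.9", f"user{i}", "FAIL")
       for i in range(6)]
)

def triage(events, window=WINDOW):
    """Map each source IP with failed logins to a (verdict, playbook action)."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((datetime.fromisoformat(ts), user, outcome))
    result = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "FAIL"]
        if not fails:
            continue
        worst, users, start = 0, set(), 0
        for end in range(len(fails)):  # slide the window over the failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > worst:
                worst = end - start + 1
                users = {u for _, u in fails[start:end + 1]}
        # A success after the last failure changes the response either way.
        success_after = any(o == "OK" and t > fails[-1][0] for t, _, o in rows)
        if worst < MAX_FAILS and success_after:
            result[src] = ("genuine", "close")
        elif worst < MAX_FAILS:
            result[src] = ("inconclusive", "monitor")
        elif len(users) >= MAX_USERS:
            result[src] = ("password_spray", "block_source")
        elif success_after:
            result[src] = ("brute_force_succeeded",
                           "block_source_and_reset_credentials")
        else:
            result[src] = ("brute_force", "block_source")
    return result
```

Calling `triage(EVENTS)` closes the single mistyped password, blocks both noisy sources, and escalates the source whose burst of failures ended in a successful login.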

Many organizations are already experimenting with similar automation opportunities to bring in more operational efficiency and enhance data insight. Every organization’s IRM journey is unique, and no single recipe will fit all. Carefully embracing these technologies will propel existing IRM solutions to become future-ready.
