Can Risk Management Prevent Phishing?

Posted on August 12, 2008

When CyberMedia News reported on the recent phishing attack on ICICI customers, one thing that stood out was that it was conducted in a highly sophisticated and well-planned manner. http://www.ciol.com/content/news/2006/106021019.asp

The perpetrators had completely replicated ICICI Bank's net banking website, hoping to get account holders to reveal their access information. It was an alert customer who brought the fraud to the bank's notice. To its credit, ICICI acted quickly and minimised the damage.

One of the reasons the bank could contain the damage early was that it had a robust Risk Containment unit, which went into overdrive. The fraud was identified quickly, the damage control was swift and the perpetrators were nabbed within a few days.

Fraud is not restricted to the banking, finance or retail industry. Every organization is susceptible. This time ICICI bank was the victim, but tomorrow any organization could be the target.

Madhabi Puri Buch, senior general manager, ICICI Bank, noted that private banks in India have implemented processes to combat such crimes. While it is true that most organizations have implemented some measures in part, those with clearly defined Risk Mitigation Policies are still a minority in the Indian business scenario.

Risk can enter an organisation through only two doorways: people and processes. Organizations are realizing the value of pre-employment screening, vendor reference checks and internal audits as effective risk management tools. The question is, is that good enough?

With increasing sophistication in internal and external fraud, organisations must transcend their comfort zones and rely more on prevention than on post mortems.

A comprehensive risk management policy would encompass various types of potential internal and external risks, the measures to control them, and the damage control process if the organization faces a real risk situation.

This not only readies the organization to take swift action, based on predefined risk triggers, but also sends a clear message to its internal and external stakeholders that the enterprise is alert to possible risks.

The episode at ICICI Bank cannot be taken in isolation. It is just a sign of things to come. According to the Anti-Phishing Working Group's website, phishing is on the increase in India.

It's time to ask yourself how vulnerable your organisation is, and whether it is geared to deal with the risk.

_______________________________________________

Hitesh Asrani is Director of the Risk Management Enterprise, CRP Technologies, and has a deep-rooted passion for nurturing ethical governance in India Inc. His ideas on Risk Mitigation are featured in his book Walk The Talk. Visit the CRP Blog for more Risk Management updates.

This article may be reprinted as long as the resource box is left intact and all links are hyperlinked.
