Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
Now that the FFIEC Authentication Guidance update has been issued, there is no more important task for banking institutions than to conduct their risk assessments, says Matthew Speare of M&T Bank Corp.
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.
Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)
Fraud today is global. The same problems happening in the U.S. are simultaneously occurring in other parts of the world. For interested job seekers, there's never been a better time to enter the fraud examiner profession.
The use of social media raises risk management issues, and education is the key to overcoming the common misperception that "you can say anything you want on social media and not have any consequences," says compliance specialist Roy Snell.
"Professionals like me now understand that we are the ambassadors for ethical behavior and should actively encourage other employees to adhere to it," says Alessandro Moretti, a senior risk and security executive.
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.