Identifying and Preparing for Emerging Industry Risks Samuel Jabbour, Natalia Nincevic, Mary Kate Truss, Justin Simmons, and Vivian Wu
Ransomware Change Fatigue Emerging Risks Ransomware Change Fatigue Risk that takes the form of a systematic issue or business practice that has: Not previously been identified Been identified but dormant Yet to rise to an area of significant concern All of the above
Ransomware
Ransomware Ransomware attacks were predicted to be a $1 Billion dollar business by the end of 2016 -FBI Ransomware attacks have increased 6,000% in 2016 and are in almost 40% of spam messages -IBM Security Ransomware attacks were most common in the financial services and healthcare industries -Malwarebytes
Ransomware What is Ransomware? Ransomware is a type of malware that infects a system and blocks access to the victim’s data. The virus then threatens to perpetually block access to the data or publish it unless a ransom is paid Ransomware
How Does A Ransomware Infection Occur? The most common way is in an email messages that is carrying downloader Trojans (phishing) Websites hosting exploit kits, which attempt to exploit vulnerabilities in the browser or other software
Issue With Ransomware The biggest issue is if a computer containing Non- public information (NPI) becomes infected Ransomware spreads like most malware. So if a single computer is infected, it can spread through various means to others on the network So if a system without any NPI is affected, it can potentially spread to one that does contain NPI
Hypothetical Scenario Server Server
Hypothetical Scenario Server Server
Mitigation Strategies What We Do Additional Strategies Regularly patch software & system Whitelisting software apps running on machines Educate and inform employees about phishing and other exploit attempts Have at least three backups of the data (3-2-1 rule) Additional security required to use UIs that connect to production servers Expand use of two factor authentication Blacklist checking
Change Fatigue
Change Fatigue is the #1 Emerging risk for Q2 2017 The risk of increased employee fatigue and diminished productivity due to high frequency of change initiatives, or poorly operated change initiatives Change Fatigue
Disruptions Effect on Change Fatigue New Players Blend Competitor Partnerships Corelogic & Ellie Mae Large Fintechs Entering Market Finastra has large capabilities Changes in our Industry Consumer behavior Client demands Supply of products & services Organizational Changes Black Knight Stays Competitive Through Innovation Change Management New Policies With this growth will come change management and with change management comes the potential to cause change fatigue. Large-scale Projects
Failed Change Management & Change Fatigue Unintended Consequences Burnout Disengagement Decreased Productivity Increased Turnover Change Resistant Reasons for Failure and Fatigue Poor Communication Poor Design
Organizational Readiness Pyramid of Readiness Mitigation Strategies Fail Fast & Fail Cheap Survey employees on their stress levels and satisfaction Communicate the change initiative to all affected employees Support a high changing culture Use a granular step model Keep ERM & ISO involved throughout the process Ready for Change Individual Readiness Change Agents Target Population Communication Organizational Readiness Scope Definition Stake Holder Analysis Measurement
Questions?