| When CyberMedia News reported on the recent | | | | tools. The question is, is that good enough?With |
| phishing attack on ICICI customers one thing that | | | | increasing sophistication in internal and external fraud, |
| stood out was that it was conducted in a highly | | | | organisations must transcend their comfort zones and |
| sophisticated and well-planned manner. perpetrators | | | | rely more on prevention than on post mortems.A |
| had completely replicated ICICI Bank's net banking | | | | comprehensive risk management policy would |
| website hoping to get account holders to reveal their | | | | encompass various types of potential internal and |
| access information. It was an alert customer that | | | | external risks, the measures to control them, and the |
| brought the fraud to the bank's notice. To its credit, | | | | damage control process if the organization faces a |
| ICICI acted quickly and minimised the damage.One of | | | | real risk situation.This not only readies the |
| the reasons the bank could contain the damage early | | | | organization to take swift action, based on |
| was that it had a robust Risk Containment unit, which | | | | predefined risk triggers, but also sends a clear |
| went into overdrive. The fraud was identified quickly, | | | | message to its internal and external stakeholders, |
| the damage control was swift and the perpetrators | | | | that the enterprise is alert to possible risks.The |
| were nabbed within a few days.Fraud is not | | | | episode at ICICI Bank cannot be taken in isolation. It |
| restricted to the banking, finance or retail industry. | | | | is just a sign of things to come. According to the |
| Every organization is susceptible. This time ICICI bank | | | | Anti-Phishing Working Group's website, phishing is on |
| was the victim, but tomorrow any organization could | | | | the increase in India.Its time to ask yourself how |
| be the target.Madhabhi Puri Buch, senior general | | | | vulnerable your organisation is, and whether it is |
| manager, ICICI Bank, noted that private banks in | | | | geared to deal with the |
| India have implemented processes to combat such | | | | ____________Hitesh Asrani is Director of the Risk |
| crimes. While it is true that most organizations have | | | | Management Enterprise, CRP Technologies, and has a |
| implemented some measures in part, clearly defined | | | | deep-rooted passion for nurturing ethical governance |
| Risk Mitigation Policies in the Indian business scenario | | | | in India Inc. His ideas on Risk Mitigation are featured in |
| are still a minority.Risk can enter an organisation | | | | his book "Walk The Talk." Visit the CRP Blog for |
| through only two doorways: people and processes. | | | | more Risk Management updates.This article may be |
| Organizations are realizing the value of | | | | reprinted as long as the resource box is left intact |
| pre-employment screening, vendor reference checks | | | | and all links are hyperlinked. |
| and internal audits as effective risk management | | | | |