| When CyberMedia News reported on the recent | | | | effective risk management tools. The question |
| phishing attack on ICICI customers one thing | | | | is, is that good enough?With increasing |
| that stood out was that it was conducted in a | | | | sophistication in internal and external |
| highly sophisticated and well-planned manner. | | | | fraud, organisations must transcend their |
| perpetrators had completely replicated ICICI | | | | comfort zones and rely more on prevention |
| Bank's net banking website hoping to get | | | | than on post mortems.A comprehensive risk |
| account holders to reveal their access | | | | management policy would encompass various |
| information. It was an alert customer that | | | | types of potential internal and external |
| brought the fraud to the bank's notice. To | | | | risks, the measures to control them, and the |
| its credit, ICICI acted quickly and minimised | | | | damage control process if the organization |
| the damage.One of the reasons the bank could | | | | faces a real risk situation.This not only |
| contain the damage early was that it had a | | | | readies the organization to take swift |
| robust Risk Containment unit, which went into | | | | action, based on predefined risk triggers, |
| overdrive. The fraud was identified quickly, | | | | but also sends a clear message to its |
| the damage control was swift and the | | | | internal and external stakeholders, that the |
| perpetrators were nabbed within a few | | | | enterprise is alert to possible risks.The |
| days.Fraud is not restricted to the banking, | | | | episode at ICICI Bank cannot be taken in |
| finance or retail industry. Every | | | | isolation. It is just a sign of things to |
| organization is susceptible. This time ICICI | | | | come. According to the Anti-Phishing Working |
| bank was the victim, but tomorrow any | | | | Group's website, phishing is on the increase |
| organization could be the target.Madhabhi | | | | in India.Its time to ask yourself how |
| Puri Buch, senior general manager, ICICI | | | | vulnerable your organisation is, and whether |
| Bank, noted that private banks in India have | | | | it is geared to deal with the |
| implemented processes to combat such crimes. | | | | risk.________________________________________ |
| While it is true that most organizations have | | | | _______Hitesh Asrani is Director of the Risk |
| implemented some measures in part, clearly | | | | Management Enterprise, CRP Technologies, and |
| defined Risk Mitigation Policies in the | | | | has a deep-rooted passion for nurturing |
| Indian business scenario are still a | | | | ethical governance in India Inc. His ideas on |
| minority.Risk can enter an organisation | | | | Risk Mitigation are featured in his book |
| through only two doorways: people and | | | | "Walk The Talk." Visit the CRP Blog for more |
| processes. Organizations are realizing the | | | | Risk Management updates.This article may be |
| value of pre-employment screening, vendor | | | | reprinted as long as the resource box is left |
| reference checks and internal audits as | | | | intact and all links are hyperlinked. |