In our last article, we looked at the challenges of embedding security in agile development in a post-pandemic world. Now let's look at another, potentially more significant hurdle — how to extend that agile philosophy to the service desk organization.
The likelihood of an incident has increased as organizations have rapidly pushed through digital transformation projects to facilitate remote working and collaboration, sometimes knowingly accepting security risks. These risks leave service desks with some critical questions. How do you handle incidents in an agile fashion? Are we able to work with incident management in agile ways across the organization? Does agile bring a new challenge to the service management and broader fraud management teams?
Integrating service desk and cyber security incident management
Based on observations from the past few years, the challenges of integrating service desk and cyber security incident management become even more critical in the hybrid world.
The challenge often stems from a lack of integration across the many desks and functions throughout the organization: service desks, help desks, call centers, contact centers, fraud management monitoring centers, outsourced service providers and service availability monitoring centers, to name a few.
Organizations need to take a broader approach and streamline some of the service and help desk functions to create integrated service desk functions. This integration will allow for a more connected and holistic view of the landscape, potential events, respective event triggers and meaningful red flags across the landscape.
Take note of these key considerations:
- What's important? Creating integrated service desk functions can start with getting the various service desk owners and stakeholders in a room to discuss what's important to them. Examples could include:
  - Customer services center: The volume of external customer calls per day, key premium customers, ability to monitor specific customer complaints, resolution times and more.
  - IT help desk: The volume of internal customer calls, escalations on key system availability and more.
  - Security help desks: The number of incidents and more.
- Alignment. Align stakeholders to the business and create dynamic relationships between events seen at the various stages of business processes and transactions.
- Real-time sources. Work through the ideal real-time source for problem events and the possible transactions that could lead to potential cyber events. For example, a new digital channel launches with increased customer product subscriptions and utilization - could this be linked to potential malicious behaviors across channels?
- Quick response. Discuss early triggers and how best to identify and respond to them quickly. Common security incidents often stress front-end environments, causing issues such as poor application and infrastructure responsiveness. And those front-end stresses are likely to be especially common now, as many new solutions and services spun up during the pandemic will have, understandably, been rushed through to support customers — increasing the potential for UI misconfigurations and capacity issues.
- Who's first? Together, determine which team will see events first, what quick actions they need to take and which to avoid. Also decide who will perform the escalation and how best to identify the correct steps to be taken. What if a service provider is the key to spotting these attacks, but doesn't operate 24/7 or is in a different time zone? What if they've had to rapidly change their working arrangements and schedules because of the pandemic — how are they coping with remote working arrangements?
The incident management operating model
With the key considerations in mind, look again at operating models across the organization and focus on creating an incident management operating model aligned to key business activities.
The model should also consider key trigger points across specific business processes — e.g. digital customer journey — and underpin these with risk-based scenario planning. The risk-based scenarios should focus on examining situations, likely inputs, key trigger points and possible events vital to detecting the scenario at inception or soon afterward.
Once definitions are finalized, the various service desks should implement specific actions and link them to the central incident management teams to provide insights with immediate effect.
The use of artificial intelligence and machine learning
One can consider using artificial intelligence and machine learning to provide baselines of good and expected behaviors. Anything outside of the normal will automatically provide contextual information and trigger initial response steps through security orchestration and automation. Reducing reliance on human operators, and with it personnel dependencies and costs, will likely be especially important in the current economic climate.
It's also essential to consider the overall operating model and interactions across functions when establishing a whole incident management approach. All of these must always be refreshed in line with the changing environments and involve relevant third parties. The approach should also acknowledge any regulatory reporting requirements concerning operational incidents and fraud reporting.
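As an added illustration (not part of the original article or any KPMG tooling) of the baselining and cross-desk red-flag idea described above, the following script takes constructed daily metrics from the three desks the article lists, computes a robust baseline per desk, and only escalates to central incident management when more than one desk deviates at once. The median/MAD baseline, the 3.5 threshold and the routing labels are assumptions chosen for the example.

```python
from statistics import median

# Constructed daily metrics (not real data) for the three desks the article
# names: customer services center, IT help desk, security help desk.
# The last value in each series is the day being evaluated.
DESK_HISTORY = {
    "customer_calls":     [1200, 1180, 1250, 1210, 1190, 1230, 1220, 2900],
    "helpdesk_tickets":   [310, 295, 330, 305, 300, 320, 315, 640],
    "security_incidents": [4, 3, 5, 4, 3, 4, 5, 12],
}

def robust_zscore(history, value):
    """Deviation of value from the median of history, in units of MAD.
    Median/MAD is used instead of mean/std so one past spike does not
    inflate the baseline; a MAD of 0 falls back to 1.0 (assumption)."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0
    return (value - med) / mad

def desk_anomalies(metrics, threshold=3.5):
    """Return {metric: z} for every metric whose latest value breaks baseline."""
    flagged = {}
    for name, series in metrics.items():
        *history, latest = series
        z = robust_zscore(history, latest)
        if abs(z) >= threshold:
            flagged[name] = round(z, 1)
    return flagged

def red_flag(metrics, threshold=3.5):
    """Combine per-desk anomalies into one contextual trigger. One desk
    deviating alone is a 'watch' for its owning desk; two or more desks
    deviating together is the cross-desk red flag the integrated model
    is meant to surface, routed to central incident management."""
    hits = desk_anomalies(metrics, threshold)
    if not hits:
        return {"level": "normal", "context": hits, "route": None}
    if len(hits) == 1:
        return {"level": "watch", "context": hits, "route": "owning desk"}
    return {"level": "red_flag", "context": hits,
            "route": "central incident management"}

if __name__ == "__main__":
    print(red_flag(DESK_HISTORY))
```

The `context` field carries the per-desk deviation scores so the escalation arrives with the same contextual information a human triager would otherwise have to assemble from three separate queues.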
And lastly, don't simply expect security incident management teams to be the heroes during a large incident. Although they are critical, security is everyone's job, and incident management starts at the front end of the business.
Throughout this article, “we”, “KPMG”, “us” and “our” refer to the network of independent member firms operating under the KPMG name and affiliated with KPMG International or to one or more of these firms or to KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.