In our last article, we looked at the challenges of embedding security in agile development in a post-pandemic world. Now let's look at another, potentially more significant hurdle — how to extend that agile philosophy to the service desk organization.
The likelihood of an incident has increased as organizations have rapidly pushed through digital transformation projects to facilitate remote working and collaboration, sometimes knowingly accepting security risks. These risks leave service desks with some critical questions. How do you handle incidents in an agile fashion? Are we able to work with incident management in agile ways across the organization? Does agile bring a new challenge to the service management and broader fraud management teams?
Based on observations from the past few years, the challenge of integrating service desk and cyber security incident management becomes even more critical in the hybrid world.
The challenge often exists due to a lack of integration across multiple desks and functions throughout the organization, including service desks, help desks, call centers, contact centers, fraud management monitoring centers, outsourced service providers and service availability monitoring centers, to name a few.
Organizations need to take a broader approach and streamline some of the service and help desk functions to create integrated service desk functions. This integration will allow for a more connected and holistic view of the landscape, potential events, respective event triggers and meaningful red flags across the landscape.
Take note of these key considerations:
With the key considerations in mind, look again at operating models across the organization and focus on creating an incident management operating model aligned to key business activities.
The model should also consider key trigger points across specific business processes — e.g. the digital customer journey — and underpin these with risk-based scenario planning. The risk-based scenarios should focus on examining situations, likely inputs, key trigger points and possible events vital to detecting the scenario at inception or soon afterward.
Once definitions are finalized, the various service desks should implement specific actions and link them to the central incident management teams to provide insights with immediate effect.
One can consider using artificial intelligence and machine learning to provide baselines of good and expected behaviors. Anything outside of the normal can then automatically surface contextual information and trigger initial response steps through security orchestration and automation. Reducing reliance on human operators, and so cutting down on personnel dependencies and costs, will likely be especially important in the current economic climate.
It's also essential to consider the overall operating model and interactions across functions when establishing a whole incident management approach. All of these must always be refreshed in line with the changing environments and involve relevant third parties. The approach should also acknowledge any regulatory reporting requirements concerning operational incidents and fraud reporting.
And lastly, don't simply expect security incident management teams to be the heroes during a large incident. Although they are critical, security is everyone's job, and incident management starts at the front end of the business.
Throughout this article, “we”, “KPMG”, “us” and “our” refer to the network of independent member firms operating under the KPMG name and affiliated with KPMG International or to one or more of these firms or to KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.