By Julie Lev, Director, ERP Cloud Product Marketing, Oracle
The dramatic rise in the number and sophistication of cyberattacks in recent years has led many organizations to prioritize data security and privacy in an age of tightening data-governance regulation. In fact, cyber incidents topped the list of risks to businesses worldwide in the 2020 Allianz Risk Barometer—a dramatic rise from 15th place, where it sat just seven years ago.
But according to Aman Desouza, product strategy director at Oracle, these organizations may not be as prepared to defend themselves as they think. In a new Oracle video presentation, How to Reduce Risk and Improve Governance in Cloud Applications, he and product manager Dane Roberts argue that without artificial intelligence (AI) and sophisticated automation powered by cloud technology, vulnerabilities in finance, HR and supply chain software can lurk undetected until exploited by malicious players.
Emerging technology such as AI, machine learning (ML), Internet of Things (IoT), and 5G wireless networks have been a boon not just to industry, but to cybercriminals as well. Spear phishers, who target victims by posing as trusted email senders, are using AI to up their game, scouring the web for personal information to make their approach more believable. AI can even help cyber criminals recreate a target’s voice to bypass security protocols. Just last year, the CEO of a UK-based energy firm, thinking he was on the phone with the head of the parent company, transferred more than $240,000 to a Hungarian supplier’s account. Meanwhile, the proliferation of IoT devices is multiplying the number of vulnerabilities for cybercriminals to exploit by orders of magnitude, while the speed and bandwidth of 5G will likely make attacks far more frequent and efficient.
Even as attacks become more damaging, governments around the world are passing legislation to regulate the way that corporations manage sensitive data. Whether intended for consumer privacy (Europe’s GDPR and California’s CCPA, among others) or safeguarding shareholder rights and ensuring financial responsibility (eg. Sarbanes-Oxley in the U.S.) these regulations impose resource-consuming burdens in terms of data governance and auditing.
Desouza and Roberts demonstrate how a complex organization can have security protocols in place and still expose vulnerabilities and regulatory noncompliance. Access rules can have multiple layers and dimensions—not just job role and duty role but also business unit, geographical location, data access set, data role and more—all of which could open a back door that allows an employee to (wittingly or not) violate a data governance rule such as separation of duties (SOD). By leveraging AI, a modern cloud-based risk management solution can offer secure role design (so vulnerabilities are identified and remediated during design before they are propagated to all users), deep SOD analysis (to ensure that the confluence of multiple roles don’t create conflict), and sensitive access certification for each and every role.
But controlling user access is just the foundation of robust risk management to ensure security. The next level is monitoring transactions and configuration changes for suspicious activity to prevent fraud. Here’s where integrated AI and the computational power of the cloud really comes into play. Rather than manually sampling transactions for periodic review, a built-in risk management cloud solution can monitor and analyze all transactions, as they happen, to stop fraudulent or risky activity in its tracks. Finally, a modern solution can streamline compliance with dashboards and workflows that balances risk management and efficiency. With the capabilities of cloud-based risk management, your organization can deploy a robust risk-management overlay without adding additional headcount or other resources.
We think that Oracle Risk Management Cloud addresses all of these best practices and more with four areas of value:
Remember that every dollar saved from fraud or error goes directly to your organization’s bottom line. But here’s something else to bear in mind: Organizations typically fail because of strategic risk, yet CFOs and COOs spend time primarily on managing financial reporting and operational risk. When you automate financial and operational risk management, you free up time, resources and human brain power for analyzing strategic risk.
Has your organization truly secured its most critical ERP processes to keep up with the rapid pace of change and the evolving security/compliance landscape? Watch the webcast for a lively discussion of best practices and an illuminating demonstration of the tools available to help you secure your ERP processes, give your team more financial oversight and protect your company from fraud and error.