Guest: Mark Moore, VP Fraud Strategy and Prevention

Episode Highlights:

• The Fraud-Tech Fusion: Mark shares his unique journey from InfoSec to Fraud, highlighting the increasing overlap between cybersecurity and fraud prevention in today's digital landscape.
• Outsmarting the Scammers: From the resurgence of check fraud on Telegram to sophisticated multi-layered attacks, Mark reveals the latest tactics fraudsters are using and how to stay one step ahead.
• Building a Proactive Defense: It's not just about "whack-a-mole" anymore! Learn how Mark builds proactive fraud prevention strategies, emphasizing the importance of data analysis, collaboration with marketing and digital teams, and utilizing tools like LinkedIn and DefenseStorm's newsletter to stay informed.
• The Ideal Fraud Fighter: Forget the stereotypes! Curiosity, humor, adaptability, and resilience are the key traits Mark looks for when building his team. He also shares insights on using the SFIA framework for effective hiring and training.
• Navigating the Org Chart: Where does fraud prevention fit best within an organization? Mark discusses the pros and cons of embedding fraud teams within IT, risk management, or operations, emphasizing the need for flexibility and understanding each organization's unique strengths.

Key Takeaways:

• The lines between fraud and cybersecurity are blurring, necessitating closer collaboration between these fields.
• Data is key in both fraud and marketing, making cross-departmental partnerships essential.
• Soft skills like curiosity, adaptability, and resilience are just as important as technical skills in fraud prevention.
• Building a proactive fraud defense requires staying informed, utilizing the right tools, and understanding the evolving tactics of fraudsters.
• The ideal organizational structure for fraud prevention varies depending on the company's strengths and culture.

Resources:

International Association of Financial Crimes Investigators

Northwest Fraud Investigators Association

Association of Certified Financial Crime Specialists

Center for Financial Professionals

DefenseStorm

Connect with Mark!

October is looming, and for many, that means the dreaded annual cybersecurity training. But on this week's ByteWise,we're here to tell you it doesn't have to be a snoozefest!

We kick off with Daniela's newfound obsession: the Darknet Diaries podcast. It's a thrilling deep dive into the underbelly of the internet, perfect for getting in the cybersecurity mindset. (Just maybe don't listen to it before bed!)

Then, we tackle the big question: How can we make cybersecurity awareness fun? Forget those click-through slideshows.We're talking:

• The "Inside Man" - a binge-worthy series that had employees begging for more.
• A treasure hunt that turned the office into a playful battleground.
• A phishing contest that pitted departments against each other (with hilarious results).
• Roundtable discussions that tapped into employee expertise and offered the chance to win prizes.
• "Feature Friday" - a simple but effective way to put a human face on security.
• And for the truly adventurous: tabletop exercises with a Dungeons & Dragons twist!

We also share a treasure trove of free resources to get you started. So, ditch the boring webinars and turn October into a month of cybersecurity excitement! Your employees (and your data) will thank you.

Links & Resources:

• All the goodies mentioned in the episode:
  • CISA Cybersecurity Awareness Month (free)
  • National Cybersecurity Alliance (free)
  • KnowBe4 - Home of the "Inside Man"
  • Wizer (great alternative for training and phishing)
  • Hackback Gaming
• Ready to level up your cybersecurity awareness? Subscribe to ByteWise today!
  • Subscribe!

In this episode of ByteWise Podcast, Daniela, Brian, and Glen chat with Jeff Owen, Chief Operating Officer at Rochdale, a credit union services organization (CUSO) specializing in enterprise risk management (ERM). They delve into the often misunderstood concepts of risk appetite and risk tolerance, emphasizing their importance in the information security and technology space. Jeff shares his insights on defining ERM, establishing risk appetite statements, and integrating them into strategic decision-making. He also discusses the challenges of gaining buy-in for risk management initiatives and provides actionable advice for incorporating risk appetite statements into cybersecurity strategies.

Key Takeaways:

• Defining ERM: Jeff emphasizes the importance of understanding ERM's objectives before jumping into discussions, highlighting the need for a holistic approach that considers the biggest risks tied to organizational objectives.
• Risk Appetite vs. Risk Tolerance: Jeff differentiates between risk appetite (broad, qualitative view of acceptable risk) and risk tolerance (detailed, quantitative boundaries on specific risks).
• Establishing Risk Appetite Statements: Jeff outlines a step-by-step process involving dialogue between the board and executive team, incorporating risk categories and objectives, and creating hypothetical scenarios to gauge risk tolerance.
• Communicating Risk Appetite Statements: Jeff stresses the importance of communicating risk appetite statements to decision-makers across the organization, ensuring they understand and can leverage them in their roles.
• Cyber Risk Appetite: Jeff acknowledges the increased focus on cyber risk from regulators and boards and discusses incorporating cyber risk as a separate risk category in risk appetite statements.
• Integrating Risk Appetite with Strategy: Jeff highlights the value of integrating risk appetite conversations into strategic planning to proactively address risks and opportunities.
• Following Up on Risk Appetite Statements: Jeff suggests identifying measurable risk tolerances, tracking adherence to them, and establishing processes to address breaches.
• Example Risk Appetite Statement: Jeff shares an example risk appetite statement that balances an aggressive strategic plan for partnering with innovative technology providers with the importance of protecting member data and maintaining member confidence.

Guest Information:

Jeff Owen, Chief Operating Officer at Rochdale

• LinkedIn: Jeff Owen
• Email: jowen@rochdaleparagon.com