
Analysing IT and Cyber Risks with the Fishbone Diagram on Collaboard

 

In this article, we would like to show why increased analysis in the area of IT and cyber risks is essential for financial institutions and how this endeavour can be implemented using the fishbone diagram on the digital whiteboard Collaboard. You will also find a concrete practical example of this later on.

IT and cyber risks play a special role for financial institutions such as banks, because when they materialise they have a significant impact on business continuity, reputation and the economy. Recent attacks remain fresh in memory: the ransomware attack on ICBC Financial Services in 2023, which led to significant business interruptions, and a cyberattack on Deutsche Leasing AG, a subsidiary of the savings banks, in the same year, which caused system blockages for employees and customers.
 

How important IT and cyber risks are for banks

IT and cyber risks pose significant challenges for banks, as they threaten the integrity, availability and confidentiality of sensitive data. Increasing digitalisation and networking are expanding the attack surface for cyber criminals, who are using increasingly sophisticated methods.

The relevance of these risks for banks is increased by regulatory requirements and the high sensitivity of the customer data processed. Studies show that financial institutions are increasingly using cloud services to store sensitive data and operate critical systems. Not all cloud services are equally secure, however, which makes it all the more important to select tools with the best data protection and compliance.
 



How does the fishbone diagram help with risk analysis?

The fishbone diagram, also known as the Ishikawa diagram, is a proven tool for analysing problems and their causes. It was developed by Kaoru Ishikawa in the 1960s and is often used in quality management and process optimisation. The name "fishbone" is derived from the fishbone-like structure that characterises the diagram.

Structure and mode of operation

The fishbone diagram visualises cause-and-effect relationships in a structured format. At the top of the diagram is the central problem or goal, while possible causes are grouped along the "bones". Typical categories include:

  • Manpower: Errors due to lack of training or attention
  • Machine: Technical problems or faulty software/hardware
  • Method: Inefficient processes or unclear instructions
  • Material: Poor quality or lack of resources
  • Environment: External factors such as physical or regulatory conditions
  • Management: Weaknesses in leadership or communication

Advantages

The fishbone diagram is particularly useful for systematically identifying the causes of a problem. It promotes teamwork by bringing all participants into the analysis and is ideal for brainstorming sessions. The visual format makes complex relationships easy to understand and helps to distinguish causes from symptoms.

Disadvantages

Despite its strengths, the fishbone diagram also has weaknesses. It requires discipline and moderation to avoid drifting into unstructured thinking. It is therefore essential to define moderation and management competences precisely in advance, especially if the fishbone diagram is used on an online whiteboard.
 
For banks, the fishbone diagram offers a clear method for analysing complex IT and cyber risks and developing solution strategies. It facilitates the structured discussion of problems such as security gaps or system failures and is a valuable addition to other analytical tools.
 


Practical example: Cyber risks visualised with the fishbone diagram


Fishbone diagram on Collaboard on the topic of cyber risks in banks

In the area of cyber risks, the previously defined fishbone diagram was created quickly and easily using the shape, arrow and text tools in Collaboard. The four users analysed the causes of the risks together and were able to work collaboratively and in real time.

The following points relating to cyber risks were listed in the fishbone diagram and in some cases linked by arrows (see screenshot).

Manpower

  • Employees click on phishing links in emails
  • Lack of knowledge about social engineering techniques
  • Carelessness when handling sensitive data
  • Use of insecure private devices in the work environment

Machine

  • Outdated firewall systems
  • Antivirus software without current updates
  • Vulnerabilities in the network architecture
  • Inadequately secured IoT devices

Environment

  • Legal regulations prevent rapid system adjustments
  • Use of cloud services with unclear security standards
  • External threats such as state-supported hacker groups
  • Dependence on global service providers with insecure infrastructure

Material

  • Customer data not encrypted
  • Use of insecure communication channels
  • Outdated software with known vulnerabilities
  • Lack of security certificates for websites

Method

  • No clear security guidelines for employees
  • Inadequate testing of third-party applications
  • Lack of monitoring of network activities
  • Insufficient procedures for dealing with security incidents

Management

  • No regular security review of the IT infrastructure
  • Lack of responsibility for IT security issues at management level
  • Lack of budget for security measures
  • No established processes for security updates


The effects (consequences) are described on the right-hand side of the diagram, including financial losses, reputational damage, loss of data, regulatory sanctions, business interruption and increased costs.

To summarise, a cyberattack can severely impair the bank's ability to function and cause significant financial and operational challenges. It is therefore essential to use modern digital tools to work together preventively and as a team and to implement robust security strategies.


With the help of the comment function, topics can be discussed directly on the board in the form of chats in order to reflect together and clarify open questions. Comments can be linked directly to texts, images, mind maps, shapes, etc. in order to create clarity via a clear context.


The infinitely large whiteboard surface allows you to zoom in on the board so that additional information can be added to each content point. In this example, the users use moderation cards to discuss the aspect of "impact" from the fishbone diagram. The sticky notes can be scaled as required and also commented on.

Collaboard also offers an Ishikawa diagram template with which you can get started right away.

A multi-page PDF document has also been placed on the board to provide further information on the topic of "Internal & External Impact". For example, existing documents such as security concepts can also be linked directly to information on the board.

Role of online whiteboards in risk analysis

Online whiteboards such as Collaboard have established themselves as powerful tools for collaboration and analysis. For banks, they provide a platform to efficiently create and collaborate on a wide range of risk management tools in addition to fishbone diagrams, even when team members are working in different locations.

Online whiteboards enable real-time editing where all participants can contribute their ideas at the same time. This promotes creative exchange and speeds up the analysis process. In addition, data, documents and other tools can be seamlessly integrated, which increases the depth of the discussion.

As IT and cyber risks often affect several departments, online whiteboards facilitate communication between IT, risk and compliance teams. They provide a visual and well-documented basis for measures that also fulfil regulatory requirements.

An interdisciplinary team can use Collaboard to develop a fishbone diagram for cyber risks, add comments in real time and derive to-dos directly from the analysis in the form of sticky notes, mind maps or further documents. Further important functions and benefits of Collaboard specifically for financial institutions can be found on the industry page.

 

Why data protection and compliance are essential for service providers

When using online whiteboards, data protection and compliance are of central importance for banks. The processing of sensitive and internal data requires a careful selection of suitable platforms. In 2023, for example, a data leak from a service provider of German banks led to thousands of customer data being compromised. This example underlines the importance of the service provider's expertise in data protection and compliance.
 

Collaboard is a widely used solution in the financial industry due to its high data protection standards. The software offers various hosting options, e.g. on servers in Switzerland at Microsoft Azure or in Germany at the Open Telekom Cloud. It is also possible to operate Collaboard on-premises or in your own cloud environment.

UBS, for example, uses Microsoft's data centres in Switzerland. In addition to the flexible hosting options, Collaboard offers the highest standards in terms of data encryption and software architecture.

Collaboard is therefore not only a risk management tool, but also provides protection against IT and cyber risks. ISO 27001 certification, role-based access rights and synchronisation with Active Directory groups as well as single sign-on round off Collaboard's security.

That Collaboard is one of the most secure online whiteboards is also demonstrated by the fact that U.S. government agencies use the solution for data with Impact Level 5 and 6, which are the highest protection classes for data.

Finally, regularly checking platforms and tools for compliance with regulatory requirements minimises risks and creates confidence in their use.

 

Conclusion

IT and cyber risks are a key challenge for banks. Tools such as Collaboard enable a structured analysis to identify weaknesses and develop countermeasures.

The integration of Collaboard into this process promotes collaboration and facilitates documentation, while the increased adherence to data protection and compliance standards creates trust.

The interplay of innovative analysis tools and modern collaboration platforms gives banks the opportunity to arm themselves against the growing threats of the digital world.
