In this article, we would like to show why increased analysis in the area of IT and cyber risks is essential for financial institutions and how this endeavour can be implemented using the fishbone diagram on the digital whiteboard Collaboard. You will also find a concrete practical example of this later on.
How important IT and cyber risks are for banks
IT and cyber risks pose significant challenges for banks, as they threaten the integrity, availability and confidentiality of sensitive data. Increasing digitalisation and networking are expanding the attack surface for cyber criminals, who are using increasingly sophisticated methods.
How does the fishbone diagram help with risk analysis?
The fishbone diagram, also known as the Ishikawa diagram, is a proven tool for analysing problems and their causes. It was developed by Kaoru Ishikawa in the 1960s and is often used in quality management and process optimisation. The name "fishbone" is derived from the fishbone-like structure that characterises the diagram.
Structure and mode of operation
The fishbone diagram visualises cause-and-effect relationships in a structured format. At the top of the diagram is the central problem or goal, while possible causes are grouped along the "bones". Typical categories include:
- Manpower: Errors due to lack of training or attention
- Machine: Technical problems or faulty software/hardware
- Method: Inefficient processes or unclear instructions
- Material: Poor quality or lack of resources
- Environment: External factors such as physical or regulatory conditions
- Management: Weaknesses in leadership or communication
Advantages
The fishbone diagram is particularly useful for systematically identifying the causes of a problem. It promotes teamwork by bringing all stakeholders into the analysis and is ideal for brainstorming sessions. The visual format makes complex relationships easy to understand and helps to distinguish causes from symptoms.
Disadvantages
Practical example: Cyber risks visualised with the fishbone diagram
Fishbone diagram on Collaboard on the topic of cyber risks in banks
In the area of cyber risks, the previously defined fishbone diagram was created quickly and easily using the shape, arrow and text tools in Collaboard. The four users analysed the causes of the risks together and were able to work collaboratively and in real time.
The following points relating to cyber risks were listed in the fishbone diagram and in some cases linked by arrows (see screenshot).
Manpower
- Employees click on phishing links in emails
- Lack of knowledge about social engineering techniques
- Carelessness when handling sensitive data
- Use of insecure private devices in the work environment
Machine
- Outdated firewall systems
- Antivirus software without current updates
- Vulnerabilities in the network architecture
- Inadequately secured IoT devices
Environment
- Legal regulations prevent rapid system adjustments
- Use of cloud services with unclear security standards
- External threats such as state-supported hacker groups
- Dependence on global service providers with insecure infrastructure
Material
- Customer data not encrypted
- Use of insecure communication channels
- Outdated software with known vulnerabilities
- Lack of security certificates for websites
Method
- No clear security guidelines for employees
- Inadequate testing of third-party applications
- Lack of monitoring of network activities
- Insufficient procedures for dealing with security incidents
Management
- No regular security review of the IT infrastructure
- Lack of responsibility for IT security issues at management level
- Lack of budget for security measures
- No established processes for security updates
The effects (consequences) are described on the right-hand side of the diagram, including financial losses, reputational damage, loss of data, regulatory sanctions, business interruption and increased costs.
To summarise, a cyberattack can severely impair the bank's ability to function and cause significant financial and operational challenges. It is therefore essential to use modern digital tools to work together preventively and as a team and to implement robust security strategies.
With the help of the comment function, topics can be discussed directly on the board in the form of chats in order to reflect together and clarify open questions. Comments can be linked directly to texts, images, mind maps, shapes, etc. in order to create clarity via a clear context.
The infinitely large whiteboard surface allows you to zoom in on the board so that additional information can be added to each content point. In this example, the users use moderation cards to discuss the aspect of "impact" from the fishbone diagram. The sticky notes can be scaled as required and also commented on.
Collaboard also offers an Ishikawa diagram template with which you can get started right away.
A multi-page PDF document has also been placed on the board to provide further information on the topic of "Internal & External Impact". For example, existing documents such as security concepts can also be linked directly to information on the board.
Role of online whiteboards in risk analysis
Online whiteboards such as Collaboard have established themselves as powerful tools for collaboration and analysis. For banks, they provide a platform to efficiently create and collaborate on a wide range of risk management tools in addition to fishbone diagrams, even when team members are working in different locations.
Online whiteboards enable real-time editing where all participants can contribute their ideas at the same time. This promotes creative exchange and speeds up the analysis process. In addition, data, documents and other tools can be seamlessly integrated, which increases the depth of the discussion.
As IT and cyber risks often affect several departments, online whiteboards facilitate communication between IT, risk and compliance teams. They provide a visual and well-documented basis for measures that also fulfil regulatory requirements.
An interdisciplinary team can use Collaboard to develop a fishbone diagram for cyber risks, add comments in real time and derive to-dos directly from the analysis in the form of sticky notes, mind maps or further documents. Further important functions and benefits of Collaboard specifically for financial institutions can be found on the industry page.
Why data protection and compliance are essential for service providers
Collaboard is a widely used solution in the financial industry due to its high data protection standards. The software offers various hosting options, e.g. on servers in Switzerland at Microsoft Azure or in Germany at the Open Telekom Cloud. It is also possible to operate Collaboard on-premises or in your own cloud environment.
UBS, for example, uses Microsoft's data centres in Switzerland. In addition to the flexible hosting options, Collaboard offers the highest standards in terms of data encryption and software architecture.
Collaboard is therefore not only a risk management tool, but also provides protection against IT and cyber risks. ISO 27001 certification, role-based access rights and synchronisation with Active Directory groups as well as single sign-on round off Collaboard's security.
That Collaboard is one of the most secure online whiteboards is also shown by its use at U.S. government agencies for data with Impact Level 5 and 6, which are the highest protection classes for data.
Finally, regularly checking platforms and tools for compliance with regulatory requirements minimises risks and creates confidence in their use.
Conclusion
IT and cyber risks are a key challenge for banks. Tools such as Collaboard enable a structured analysis to identify weaknesses and develop countermeasures.
The integration of Collaboard into this process promotes collaboration and facilitates documentation, while the increased adherence to data protection and compliance standards creates trust.
The interplay of innovative analysis tools and modern collaboration platforms gives banks the opportunity to arm themselves against the growing threats of the digital world.