CRM Archive

0

Cybersecurity: Linchpin of the digital enterprise

Two consistent and related themes in enterprise technology have emerged in recent years, both involving rapid and dramatic change. One is the rise of the digital enterprise across sectors and internationally. The second is the need for IT to react quickly and develop innovations aggressively to meet the enterprise’s digital aspirations. Exhibit 1 presents a “digitization index”—the results of research on the progress of enterprise digitization within companies, encompassing sectors, assets, and operations.

As IT organizations seek to digitize, however, many face significant cybersecurity challenges. At company after company, fundamental tensions arise between the business’s need to digitize and the cybersecurity team’s responsibility to protect the organization, its employees, and its customers within existing cyber operating models and practices.

If cybersecurity teams are to avoid becoming barriers to digitization and instead become its enablers, they must transform their capabilities along three dimensions. They must improve risk management, applying quantitative risk analytics. They must build cybersecurity directly into businesses’ value chains. And they must support the next generation of enterprise-technology platforms, which include innovations like agile development, robotics, and cloud-based operating models.

Cybersecurity’s role in digitization

Every aspect of the digital enterprise has important cybersecurity implications. Here are just a few examples. As companies seek to create more digital customer experiences, they need to determine how to align their teams that manage fraud prevention, security, and product development so they can design controls, such as authentication, and create experiences that are both convenient and secure. As companies adopt massive data analytics, they must determine how to identify risks created by data sets that integrate many types of incredibly sensitive customer information. They must also incorporate security controls into analytics solutions that may not use a formal software-development methodology. As companies apply robotic process automation (RPA), they must manage bot credentials effectively and make sure that “boundary cases”—cases with unexpected or unusual factors, or inputs that are outside normal limits—do not introduce security risks.

About the author(s)

James Kaplan is a partner in McKinsey’s New York office, Wolf Richter is a partner in the Berlin office, and David Ware is an associate partner in the Washington, DC, office.

More: www.mckinsey.com

0

Five routes to more innovative problem solving

Rob McEwen had a problem. The chairman and chief executive officer of Canadian mining group Goldcorp knew that its Red Lake site could be a money-spinner—a mine nearby was thriving—but no one could figure out where to find high-grade ore. The terrain was inaccessible, operating costs were high, and the unionized staff had already gone on strike. In short, McEwen was lumbered with a gold mine that wasn’t a gold mine.

Then inspiration struck. Attending a conference about recent developments in IT, McEwen was smitten with the open-source revolution. Bucking fierce internal resistance, he created the Goldcorp Challenge: the company put Red Lake’s closely guarded topographic data online and offered $575,000 in prize money to anyone who could identify rich drill sites. To the astonishment of players in the mining sector, upward of 1,400 technical experts based in 50-plus countries took up the problem. The result? Two Australian teams, working together, found locations that have made Red Lake one of the world’s richest gold mines. “From a remote site, the winners were able to analyze a database and generate targets without ever visiting the property,” McEwen said. “It’s clear that this is part of the future.”

McEwen intuitively understood the value of taking a number of different approaches simultaneously to solving difficult problems. A decade later, we find that this mind-set is ever more critical: business leaders are operating in an era when forces such as technological change and the historic rebalancing of global economic activity from developed to emerging markets have made the problems increasingly complex, the tempo faster, the markets more volatile, and the stakes higher. The number of variables at play can be enormous, and free-flowing information encourages competition, placing an ever-greater premium on developing innovative, unique solutions.

This article presents an approach for doing just that. How? By using what we call flexible objects for generating novel solutions, or flexons, which provide a way of shaping difficult problems to reveal innovative solutions that would otherwise remain hidden. This approach can be useful in a wide range of situations and at any level of analysis, from individuals to groups to organizations to industries. To be sure, this is not a silver bullet for solving any problem whatever. But it is a fresh mechanism for representing ambiguous, complex problems in a structured way to generate better and more innovative solutions.

The flexons approach

Networks flexon

Evolutionary flexon

Decision-agent flexon

System-dynamics flexon

Information-processing flexon

Putting flexons to work

Flexons help turn chaos into order by representing ambiguous situations and predicaments as well-defined, analyzable problems of prediction and optimization. They allow us to move up and down between different levels of detail to consider situations in all their complexity. And, perhaps most important, flexons allow us to bring diversity inside the head of the problem solver, offering more opportunities to discover counterintuitive insights, innovative options, and unexpected sources of competitive advantage.

About the author(s)

Olivier Leclerc is a principal in McKinsey’s Southern California office. Mihnea Moldoveanu is associate dean of the full-time MBA program at the University of Toronto’s Rotman School of Management, where he directs the Desautels Centre for Integrative Thinking.

More: www.mckinsey.com

0

Financial crime and fraud in the age of cybersecurity

As cybersecurity threats compound the risks of financial crime and fraud, institutions are crossing functional boundaries to enable collaborative resistance.

In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti–money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud institutions lose nearly three dollars, once associated costs are added to the fraud loss itself. 1 Risks for banks arise from diverse factors, including vulnerabilities to fraud and financial crime inherent in automation and digitization, massive growth in transaction volumes, and the greater integration of financial systems within countries and internationally. Cybercrime and malicious hacking have also intensified. In the domain of financial crime, meanwhile, regulators continually revise rules, increasingly to account for illegal trafficking and money laundering, and governments have ratcheted up the use of economic sanctions, targeting countries, public and private entities, and even individuals. Institutions are finding that their existing approaches to fighting such crimes cannot satisfactorily handle the many threats and burdens. For this reason, leaders are transforming their operating models to obtain a holistic view of the evolving landscape of financial crime. This view becomes the starting point of efficient and effective management of fraud risk.

The evolution of fraud and financial crime

Fraud and financial crime adapt to developments in the domains they plunder. (Most financial institutions draw a distinction between these two types of crimes: for a view on the distinction, or lack thereof, see the sidebar “Financial crime or fraud?”) With the advent of digitization and automation of financial systems, these crimes have become more electronically sophisticated and impersonal.

Financial crime or fraud?

For purposes of detection, interdiction, and prevention, many institutions draw a distinction between fraud and financial crime. Boundaries are blurring, especially since the rise of cyberthreats, which reveal the extent to which criminal activities have become more complex and interrelated. What’s more, the distinction is not based on law, and regulators sometimes view it as the result of organizational silos. Nevertheless, financial crime has generally meant money laundering and a few other criminal transgressions, including bribery and tax evasion, involving the use of financial services in support of criminal enterprises. It is most often addressed as a compliance issue, as when financial institutions avert fines with anti–money laundering activities. Fraud, on the other hand, generally designates a host of crimes, such as forgery, credit scams, and insider threats, involving deception of financial personnel or services to commit theft. Financial institutions have generally approached fraud as a loss problem, lately applying advanced analytics for detection and even real-time interdiction. As the distinction between these three categories of crime have become less relevant, financial institutions need to use many of the same tools to protect assets against all of them.

One series of crimes, the so-called Carbanak attacks beginning in 2013, well illustrates the cyber profile of much of present-day financial crime and fraud. These were malware-based bank thefts totaling more than $1 billion. The attackers, an organized criminal gang, gained access to systems through phishing and then transferred fraudulently inflated balances to their own accounts or programmed ATMs to dispense cash to waiting accomplices (Exhibit 1).

We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com

Significantly, this crime was one simultaneous, coordinated attack against many banks. The attackers exhibited a sophisticated knowledge of the cyber environment and likely understood banking processes, controls, and even vulnerabilities arising from siloed organizations and governance. They also made use of several channels, including ATMs, credit and debit cards, and wire transfers. The attacks revealed that meaningful distinctions among cyberattacks, fraud, and financial crime are disappearing. Banks have not yet addressed these new intersections, which transgress the boundary lines most have erected between the types of crimes (Exhibit 2).

More: https://www.mckinsey.com/business-functions/risk

Authors: Salim Hasham is a partner in McKinsey’s New York office, where Shoan Joshi is a senior expert; Daniel Mikkelsen is a senior partner in the London office.

0

Growing your own agility coaches to adopt new ways of working

Agile coaches play a vital role in enterprise-wide agile transformations. To develop enough coaches, companies should create specialized training academies.

Companies are increasingly looking to infuse agility into their operating models. However, as organizations attempt to scale these efforts across their entire business, new challenges that simply didn’t exist at the micro level are beginning to surface. These challenges are especially prevalent where traditional organization silos need to interact.

The big realization for many companies is that scaling agile is not simply a matter of replicating agile practices across more teams. This is why trying to adapt project-management offices (PMOs) to support agile projects or bringing in more scrum masters is unlikely to be effective (see sidebar, “The scrum master’s role in scaling agile”). Rather, agility as an operating model requires the rewiring of core enterprise-wide processes. With this comes a need for the organization to operate differently.
The degree of change required to adopt agile ways of working across an entire organization is simply too large to repurpose existing roles and structures. Only by investing in agility coaches—and a comprehensive program to identify, train, and support them—can companies expect to scale and sustain agile across the enterprise.

To ensure the success of the agility coaching academy, it is critical to have the right support and leadership structure. Typically, the academy is led by a full-time executive who reports to either the CHRO or some other member of the C-suite depending on who is really driving the agile transformation—it could be the CIO, the head of transformation, or the COO. The academy lead is accountable for the following:

  • Setting the strategy and defining the delivery road map for the academy
  • Running the day-to-day operations of the academy, such as building and refining the academy backlog
  • Leading the recruitment of coaches
  • Overseeing learning and development of the trainee agility coaches, and administering the learning and development of graduated coaches
  • Defining the evaluation criteria and mechanisms to measure effectiveness of the agility coaches
  • Deploying the right agility coaches to the right areas and teams
  • Overseeing performance evaluations for the agility coach cohort

More: https://www.mckinsey.com/business-functions/

By Amit Anand, Sahil Merchant, Arun Sunderraj, and Belkis Vasquez-McCall

About the authors: Amit Anand is a senior expert in McKinsey’s Sydney office, Sahil Merchant is a partner in the Melbourne office, Arun Sunderraj is a digital expert in the New York office, and Belkis Vasquez-McCall is a partner in the New Jersey office.

0

Kedro, McKinsey’s first open-source software tool

 

QuantumBlack, the advanced analytics firm we acquired in 2015, has now launched Kedro, an open source tool created specifically for data scientists and engineers. It is a library of code that can be used to create data and machine-learning pipelines. For our non-developer readers, these are the building blocks of an analytics or machine-learning project. “Kedro can change the way data scientists and engineers work,” explains product manager Yetunde Dada, “making it easier to manage large workflows and ensuring a consistent quality of code throughout a project.”

McKinsey has never before created a publicly available, open source tool. “It represents a significant shift for the firm,” notes Jeremy Palmer, CEO of QuantumBlack, “as we continue to balance the value of our proprietary assets with opportunities to engage as part of the developer community, and accelerate as well as share our learning.”

The name Kedro, which derives from the Greek word meaning center or core, signifies that this open-source software provides crucial code for ‘productionizing’ advanced analytics projects. Kedro has two major benefits: it allows teams to collaborate more easily by structuring analytics code in a uniform way so that it flows seamlessly through all stages of a project. This can include consolidating data sources, cleaning data, creating features and feeding the data into machine-learning models for explanatory or predictive analytics.

More: www.mckinsey.com; https://github.com/quantumblacklabs/kedro

  What are the main features of Kedro?

1. Project template and coding standards

  • A standard and easy-to-use project template
  • Configuration for credentials, logging, data loading and Jupyter Notebooks / Lab
  • Test-driven development using pytest
  • Sphinx integration to produce well-documented code

2. Data abstraction and versioning

  • Separation of the compute layer from the data handling layer, including support for different data formats and storage options
  • Versioning for your data sets and machine learning models

3. Modularity and pipeline abstraction

  • Support for pure Python functions, nodes, to break large chunks of code into small independent sections
  • Automatic resolution of dependencies between nodes
  • (coming soon) Visualise your data pipeline with Kedro-Viz, a tool that shows the pipeline structure of Kedro projects

Note: Read our FAQs to learn how we differ from workflow managers like Airflow and Luigi.

4. Feature extensibility

  • A plugin system that injects commands into the Kedro command line interface (CLI)
  • List of officially supported plugins:
    • (coming soon) Kedro-Airflow, making it easy to prototype your data pipeline in Kedro before deploying to Airflow, a workflow scheduler
    • Kedro-Docker, a tool for packaging and shipping Kedro projects within containers
  • Kedro can be deployed locally, on-premise and cloud (AWS, Azure and GCP) servers, or clusters (EMR, Azure HDinsight, GCP and Databricks)