A Chief Technology Officer for a Midwest banking holding company made a very interesting observation. In commenting about the needed increase in fraud fighting resources, he warned about the perils of overemphasizing technology while ignoring training staff in using manual fraud-detection processes.
Most of what he says is spot on in terms of ensuring the proper prioritization, risk analysis and the blind reliance on technology to identify and neutralize threats and breaches. In fact, as an officer in a technology company, I happen to agree with him on almost everything he said.
He also noted that to prevent fraud, financial institutions need to go beyond adopting the latest technologies and ensure they have trained staff to identify fraud, such as by reviewing reports or spotting unusual activity
Now the key is how to cost effectively apply those resources, train those departments in the latest detection protocols and remediation, implement new layers of detection and correlation. Even for the largest corporation, this has the earmarks of an expensive (but obviously important) initiative. The answer can be found in the cloud as part of a security-as-service deployment.