Not Just A Question Of Money: Cybersecurity And The CFO

Uploaded on 2016-06-01 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Cybersecurity is a matter of concern for every company no matter its size and available resources. As cyber criminals become increasingly complex and challenging to identify, the financial sector is left vulnerable due to direct access to capital and personal identity information.

In 2013, US financial services companies lost an average $23.6 million from cybersecurity breaches, according to a Deloitte report. This number is 43.9 percent higher than in 2012, when the industry was ranked third on a list of industries that cyber criminals most targeted. Similarly, an Agari study from 2014 found that the payments industry, including credit-card and digital-wallet companies, saw a 23-fold increase in malicious email attacks against its customers between the second and fourth quarters of 2014.

Despite common knowledge of verifying and evaluating sources of information, nearly 95 percent of all cyber-attacks are carried out via email messages. In an attempt to acquire employee information such as usernames, passwords, and credit card details, cyber criminals trick employees into sharing sensitive information, leading to identity theft, money laundering and other crimes.

Even with a dynamic and continuously optimized cyber defense system, it takes only a single point of entry to gain access to all the information stored by a corporation. With so much at stake, the need for C-level tools and education that allow for increased security are crucial. While CFOs may not be entirely familiar with the technology around cybersecurity solutions, they understand the inner workings of the most targeted financial data and systems, leaving them the most qualified candidates to protect them.

Here are some ways CFOs can support the company’s cybersecurity policy and execution:

Education

A PwC study found that Cybercrime risk appears to be increasing – however, risk awareness can differ greatly depending on an individual’s role and function. The first step in understanding what these risks are is education. CFOs understand what is at stake if there is a financial breach, therefore it is essential that the C-suite and relevant managers receive training on assets that are subject to a breach. Understanding cybersecurity trends and threats as well as parlaying that knowledge to board members should become one of the CFO’s key roles.

For example, make sure individual employees across the organization understand what a phishing attack could look like, and educate them on what is considered to be sensitive information. With the right knowledge to inform their decision making, corporate directors will be aware of what is vulnerable and what cybersecurity risks to be aware of.

Strategy

Even though corporate directors are concerned and aware of cybersecurity threats, they often have no one to turn to when informed decisions need to be made. The best way to insure the financial health of the organization is to identity vulnerabilities in the data supply chain within the organization. CFOs have the opportunity to establish a formal task force to help implement the strategic objectives of the organization’s cybersecurity mission. By reaching out and creating a task force of leaders in IT, legal, and finance, awareness of cybersecurity practices can spread enterprise-wide.

Implementation

According to a survey conducted by Protiviti, IT security does not get a lot of time on C-suite agendas. However, CFOs should take it upon themselves to determine what the organization is invested in most heavily and if the current level of protection is appropriate to that area’s level of importance. With so much at stake, organizations should tackle security measures from the top down. It’s crucial for C-level executives to discuss what intellectual property, and potential loss thereof, would be severely detrimental to the organization. This way CFOs can optimize cybersecurity risk management and protect their organization in the best way possible.

In today’s digital economy, it is more important than ever to ensure that the right protection is in place at all levels of engagement. As a CFO, protecting financial data is critical in steering the company towards success. The cost of a cyber-attack, whether it’s financial or reputational, can be astounding.

For CFOs, information security must become a top priority in defending their organization’s future. And off course taking care of cyber security is just a piece of the puzzle and risk management processes have to be enhanced with risk resilience to anticipate the degree of uncertainty.

Financial Executive: http://bit.ly/1r07Cnf

« Cybercrime Economy: The Business Of Hacking
Ethical Hackers: We Want You For A New Recruit »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

ArcusTeam

ArcusTeam

ArcusTeam is at the forefront of the firmware and applications security industry, with a mission to increase the level of security on all IoT devices and applications.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

Armilla AI

Armilla AI

Armilla is the world’s only MGA focused solely on AI insurance and offers third-party testing, compliance, risk mitigation, and warranty coverage for enterprises and AI vendors alike.