Not Just A Question Of Money: Cybersecurity And The CFO

Cybersecurity is a matter of concern for every company, no matter its size and available resources. As cyber criminals become increasingly sophisticated and challenging to identify, the financial sector is left vulnerable because of its direct access to capital and personal identity information.

In 2013, US financial services companies lost an average of $23.6 million from cybersecurity breaches, according to a Deloitte report. This number is 43.9 percent higher than in 2012, when the industry was ranked third on a list of industries that cyber criminals most targeted. Similarly, an Agari study from 2014 found that the payments industry, including credit-card and digital-wallet companies, saw a 23-fold increase in malicious email attacks against its customers between the second and fourth quarters of 2014.

Despite widespread awareness of the need to verify and evaluate sources of information, nearly 95 percent of all cyber-attacks are carried out via email messages. In an attempt to acquire employee information such as usernames, passwords, and credit card details, cyber criminals trick employees into sharing sensitive information, leading to identity theft, money laundering and other crimes.

Even with a dynamic and continuously optimized cyber defense system, it takes only a single point of entry to gain access to all the information stored by a corporation. With so much at stake, the need for C-level tools and education that allow for increased security is crucial. While CFOs may not be entirely familiar with the technology around cybersecurity solutions, they understand the inner workings of the most targeted financial data and systems, leaving them the most qualified candidates to protect them.

Here are some ways CFOs can support the company’s cybersecurity policy and execution:

Education

A PwC study found that cybercrime risk appears to be increasing; however, risk awareness can differ greatly depending on an individual’s role and function. The first step in understanding what these risks are is education. CFOs understand what is at stake if there is a financial breach, so it is essential that the C-suite and relevant managers receive training on assets that are subject to a breach. Understanding cybersecurity trends and threats, as well as relaying that knowledge to board members, should become one of the CFO’s key roles.

For example, make sure individual employees across the organization understand what a phishing attack could look like, and educate them on what is considered to be sensitive information. With the right knowledge to inform their decision making, corporate directors will know what is vulnerable and which cybersecurity risks to be aware of.

Strategy

Even though corporate directors are concerned about and aware of cybersecurity threats, they often have no one to turn to when informed decisions need to be made. The best way to ensure the financial health of the organization is to identify vulnerabilities in the data supply chain within the organization. CFOs have the opportunity to establish a formal task force to help implement the strategic objectives of the organization’s cybersecurity mission. By reaching out and creating a task force of leaders in IT, legal, and finance, awareness of cybersecurity practices can spread enterprise-wide.

Implementation

According to a survey conducted by Protiviti, IT security does not get a lot of time on C-suite agendas. However, CFOs should take it upon themselves to determine what the organization is invested in most heavily and if the current level of protection is appropriate to that area’s level of importance. With so much at stake, organizations should tackle security measures from the top down. It’s crucial for C-level executives to discuss what intellectual property, and potential loss thereof, would be severely detrimental to the organization. This way CFOs can optimize cybersecurity risk management and protect their organization in the best way possible.

In today’s digital economy, it is more important than ever to ensure that the right protection is in place at all levels of engagement. As a CFO, protecting financial data is critical in steering the company towards success. The cost of a cyber-attack, whether it’s financial or reputational, can be astounding.

For CFOs, information security must become a top priority in defending their organization’s future. And of course, taking care of cybersecurity is just one piece of the puzzle; risk management processes have to be enhanced with risk resilience to anticipate the degree of uncertainty.

Financial Executive: http://bit.ly/1r07Cnf
