Skip to main content

CyberSecurity

Cybersecurity threats continue to escalate.


The growing number, frequency and impact of cyber attacks have propelled cybersecurity to the top of the CFO and board agendas.
Today’s cybercriminals are well-funded, organized structures with the patience to infiltrate a company’s systems over time to obtain the information they desire.
The infiltrators have gone beyond focusing on credit card details. They have long-term strategies, which often mean they are targeting to manipulate a company’s share price, alter a company’s financial data or undertake or interfere with large-scale financial transactions.
CFOs fully understand that cyber threats are real. They have seen the financial and reputational damage victims have faced. And as the world becomes increasingly digital, the number and severity of these threats will only intensify.
Cybersecurity is fundamentally about protecting an organization’s shareholder value. CFOs must play a much greater role.

The first step toward protecting an organization is to realize that attacks are inevitable, It is  discovered that most organizations had only a moderate level of cybersecurity maturity. Instead of anticipating threats and preparing for them, organizations continue to react only when an attack has been detected.
Cybersecurity should no longer be viewed as an IT-only issue. While the CIO continues to play a crucial role, in the more mature cybersecurity functions, the CFO and board lead discussions on cyber security as a major exposure in the organization’s overall risk management framework. (Read how the CFO and CIO can partner to address cybersecurity.)

The need for a proactive, board-level approach

As businesses become more digital, new avenues of access for cyber criminals to organizations’ assets are being created. Operational technology, for example, represents a major risk that is too often overlooked at the board level.
Operational technology is not traditional IT software and hardware. It is the systems that underpin operations in many companies, such as those that deliver electricity, move oil and gas or operate assembly lines in some industries.
These systems often aren’t managed by IT. However, as more devices become connected, the “Internet of Things” has become a major source of risk. The CFO needs to weave operational technology, and other emerging avenues of entry, into the company’s risk management processes

A better approach is to grasp the gravity of the situation – and the speed at which it happens – and work with the board and IT function to define a mature cybersecurity function that protects the company’s key assets and can evolve with time. The CFO should then invest to fill the gap between where the company is now and where it should be. Moving forward, the focus should shift from detection to prevention.
Creating a mature cybersecurity function starts with a detailed understanding of the organization’s key assets. The CFO needs to be part of the team that decides what those primary assets – or crown jewels – are, recognizing that they will change over time.
Several questions will help organizations identify their primary assets:
  • What assets would hurt the organization’s day-to-day operations if lost?
  • What assets would result in a loss of consumer confidence if breached?
  • What assets would cause grave reputational harm and dilute shareholder value, if compromised?To help create an effective road map to a mature cybersecurity function, CFOs can ask several key questions right now:
  • What is our overall risk tolerance?
  • What is my organization’s current exposure to cyber risk?
  • How does our preparedness compare to our competitors?
  • Is our cyber risk exposure consistent with our risk tolerance?
  • Are there adequate processes in place to prevent, detect, contain and respond to a cyber attack?
  • Do we have a plan for how we will respond to a cyber attack?
  • Have we tested the plan thoroughly so there is no time delay when the breach occurs?
In today’s 24/7 media cycle, global organizations need a thoroughly tested cyber-attack plan that prepares the company to respond no matter where or when the breach occurs. Communication to the media and investors is absolutely critical in the wake of a breach, because it may sway the media and the market’s response, which can impact share price.
Having a well-planned response as part of the cybersecurity strategy helps give peace of mind to investors and the board of directors and helps the company better control the outcome.
CFOs need to collaborate with their CIO, the board and cybersecurity experts to be prepared for the first signs of a breach. The plan should include:
  • Regulatory relations
  • Media relations
  • Investor relations
  • IT
  • Risk
Banking and capital markets: prime targets
All sectors are at risk from cyber attacks. Banking and capital markets, for example, are exposed for two reasons:
1.      Their most precious assets are mostly electronic.
2.      They are information organizations with huge volumes of transactions and communications that are vulnerable to infiltration.

Banking is a highly regulated industry. The requirements relating to how companies protect the data in their possession is forever tightening in the name of security. That means that in addition to the inherent financial and reputational risks, there are criminal risks for noncompliance.

The good news is that financial services CFOs are ahead of their peers in other industries when it comes to managing who has access to sensitive data. But the volume of transactions and global reach of today’s consumers and suppliers also makes it easy for cybercriminals to hide the evidence of their attacks. To create and continually update a cybersecurity system that is more sophisticated than the ones the hackers are using, management needs to fully understand the bank’s workflow through the back, middle and front offices.


While banking and capital markets will always be vulnerable to attacks, acquisitions can render them particularly vulnerable. The only way companies in these industries can identify threats before the damage exposed during an acquisition is too great is by applying data analytics that detect anomalies in the way employees, suppliers and customers behave.

Comments

Popular posts from this blog

Common Sense Identification of the Security Problems

Organizations make key information security mistakes, which leads to inefficient and ineffective control environment. High profile data breaches and cyber-attacks drive the industry to look for more comprehensive protection measures since many organizations feel that their capability to withstand persistent targeted attacks is minimal. But at the same time, these organizations make some key information security mistakes, that jeopardize their efforts towards control robustness. Although many firms invest in security technologies and people, no one has the confidence that the measures taken are good enough to protect their data from compromises. Below are the 10 worst mistakes which are common to find, and important to address in the path of mature information security posture. If you analyze the cyber security scenarios, and organizational capabilities, the prevailing trend is a vendor-driven approach. In many cases, security professionals adopt the attitude of procuring...

Real-Time Talk: Windows 10 IoT Core Background Tasks and ASP.NET Core Web Apps

Display useful information from your Windows 10 IoT Core application in an ASP.NET Core web app, essential for integrating IoT data into a solution. Windows 10 IoT background task talk with a web application using WebSockets. Problems As my path to this solution has been troublesome, I am listing here the main problems I faced so my dear readers have a better idea of dead-end streets along the way: I was not able to make the ASP.NET Core web application run under a Windows 10 IoT background service. I found no information about when or if it will be supported in the near future. ASP.NET MVC and ASP.NET Core have different SignalR implementations. I was not able to make a SignalR client for .NET Core work with SignalR hosted on a web application. I was able to make things work by directly using a WebSocket. It’s not as nice a solution as I had in my mind, but it works until things get better. Making the Background Task and Web Application Talk I worked out sim...

Python and Parquet Performance

In Pandas, PyArrow, fastparquet, AWS Data Wrangler, PySpark and Dask. This post outlines how to use all common Python libraries to read and write Parquet format while taking advantage of  columnar storage ,  columnar compression  and  data partitioning . Used together, these three optimizations can dramatically accelerate I/O for your Python applications compared to CSV, JSON, HDF or other row-based formats. Parquet makes applications possible that are simply impossible using a text format like JSON or CSV. Introduction I have recently gotten more familiar with how to work with  Parquet  datasets across the six major tools used to read and write from Parquet in the Python ecosystem:  Pandas ,  PyArrow ,  fastparquet ,  AWS Data Wrangler ,  PySpark  and  Dask . My work of late in algorithmic trading involves switching between these tools a lot and as I said I often mix up the APIs. I use Pandas and PyArrow for in-RAM comput...