Skip to main content

CyberSecurity

Cybersecurity threats continue to escalate.


The growing number, frequency and impact of cyber attacks have propelled cybersecurity to the top of the CFO and board agendas.
Today’s cybercriminals are well-funded, organized structures with the patience to infiltrate a company’s systems over time to obtain the information they desire.
The infiltrators have gone beyond focusing on credit card details. They have long-term strategies, which often mean they are targeting to manipulate a company’s share price, alter a company’s financial data or undertake or interfere with large-scale financial transactions.
CFOs fully understand that cyber threats are real. They have seen the financial and reputational damage victims have faced. And as the world becomes increasingly digital, the number and severity of these threats will only intensify.
Cybersecurity is fundamentally about protecting an organization’s shareholder value. CFOs must play a much greater role.

The first step toward protecting an organization is to realize that attacks are inevitable, It is  discovered that most organizations had only a moderate level of cybersecurity maturity. Instead of anticipating threats and preparing for them, organizations continue to react only when an attack has been detected.
Cybersecurity should no longer be viewed as an IT-only issue. While the CIO continues to play a crucial role, in the more mature cybersecurity functions, the CFO and board lead discussions on cyber security as a major exposure in the organization’s overall risk management framework. (Read how the CFO and CIO can partner to address cybersecurity.)

The need for a proactive, board-level approach

As businesses become more digital, new avenues of access for cyber criminals to organizations’ assets are being created. Operational technology, for example, represents a major risk that is too often overlooked at the board level.
Operational technology is not traditional IT software and hardware. It is the systems that underpin operations in many companies, such as those that deliver electricity, move oil and gas or operate assembly lines in some industries.
These systems often aren’t managed by IT. However, as more devices become connected, the “Internet of Things” has become a major source of risk. The CFO needs to weave operational technology, and other emerging avenues of entry, into the company’s risk management processes

A better approach is to grasp the gravity of the situation – and the speed at which it happens – and work with the board and IT function to define a mature cybersecurity function that protects the company’s key assets and can evolve with time. The CFO should then invest to fill the gap between where the company is now and where it should be. Moving forward, the focus should shift from detection to prevention.
Creating a mature cybersecurity function starts with a detailed understanding of the organization’s key assets. The CFO needs to be part of the team that decides what those primary assets – or crown jewels – are, recognizing that they will change over time.
Several questions will help organizations identify their primary assets:
  • What assets would hurt the organization’s day-to-day operations if lost?
  • What assets would result in a loss of consumer confidence if breached?
  • What assets would cause grave reputational harm and dilute shareholder value, if compromised?To help create an effective road map to a mature cybersecurity function, CFOs can ask several key questions right now:
  • What is our overall risk tolerance?
  • What is my organization’s current exposure to cyber risk?
  • How does our preparedness compare to our competitors?
  • Is our cyber risk exposure consistent with our risk tolerance?
  • Are there adequate processes in place to prevent, detect, contain and respond to a cyber attack?
  • Do we have a plan for how we will respond to a cyber attack?
  • Have we tested the plan thoroughly so there is no time delay when the breach occurs?
In today’s 24/7 media cycle, global organizations need a thoroughly tested cyber-attack plan that prepares the company to respond no matter where or when the breach occurs. Communication to the media and investors is absolutely critical in the wake of a breach, because it may sway the media and the market’s response, which can impact share price.
Having a well-planned response as part of the cybersecurity strategy helps give peace of mind to investors and the board of directors and helps the company better control the outcome.
CFOs need to collaborate with their CIO, the board and cybersecurity experts to be prepared for the first signs of a breach. The plan should include:
  • Regulatory relations
  • Media relations
  • Investor relations
  • IT
  • Risk
Banking and capital markets: prime targets
All sectors are at risk from cyber attacks. Banking and capital markets, for example, are exposed for two reasons:
1.      Their most precious assets are mostly electronic.
2.      They are information organizations with huge volumes of transactions and communications that are vulnerable to infiltration.

Banking is a highly regulated industry. The requirements relating to how companies protect the data in their possession is forever tightening in the name of security. That means that in addition to the inherent financial and reputational risks, there are criminal risks for noncompliance.

The good news is that financial services CFOs are ahead of their peers in other industries when it comes to managing who has access to sensitive data. But the volume of transactions and global reach of today’s consumers and suppliers also makes it easy for cybercriminals to hide the evidence of their attacks. To create and continually update a cybersecurity system that is more sophisticated than the ones the hackers are using, management needs to fully understand the bank’s workflow through the back, middle and front offices.


While banking and capital markets will always be vulnerable to attacks, acquisitions can render them particularly vulnerable. The only way companies in these industries can identify threats before the damage exposed during an acquisition is too great is by applying data analytics that detect anomalies in the way employees, suppliers and customers behave.

Comments

Popular posts from this blog

Python and Parquet Performance

In Pandas, PyArrow, fastparquet, AWS Data Wrangler, PySpark and Dask. This post outlines how to use all common Python libraries to read and write Parquet format while taking advantage of  columnar storage ,  columnar compression  and  data partitioning . Used together, these three optimizations can dramatically accelerate I/O for your Python applications compared to CSV, JSON, HDF or other row-based formats. Parquet makes applications possible that are simply impossible using a text format like JSON or CSV. Introduction I have recently gotten more familiar with how to work with  Parquet  datasets across the six major tools used to read and write from Parquet in the Python ecosystem:  Pandas ,  PyArrow ,  fastparquet ,  AWS Data Wrangler ,  PySpark  and  Dask . My work of late in algorithmic trading involves switching between these tools a lot and as I said I often mix up the APIs. I use Pandas and PyArrow for in-RAM comput...

How to construct a File System that lives in Shared Memory.

Shared Memory File System Goals 1. MOUNTED IN SHARED MEMORY The result is a very fast, real time file system. We use Shared Memory so that the file system is public and not private. 2. PERSISTS TO DISK When the file system is unmounted, what happens to it? We need to be able to save the file system so that a system reboot does not destroy it. A great way to achieve this is to save the file system to disk. 3. EXTENSIBLE IN PLACE We want to be able to grow the file system in place. 4. SUPPORTS CONCURRENCY We want multiple users to be able to access the file system at the same time. In fact, we want multiple users to be able to access the same file at the same time. With the goals now in mind we can now talk about the major design issues: FAT File System & Design Issues The  FAT File System  has been around for quite some time. Basically it provides a pretty good file structure. But I have two problems with it: 1. FAT IS NOT EXTENSIBLE IN PLAC...

Fetching Facebook Friends using Windows Azure Mobile Services

This tutorial shows you how to fetch Facebook Friends if you have Facebook accessToken. Here is the the code for Scheduled task called getFriends function getFriends() { //Name of the table where accounts are stored var accountTable = tables.getTable('FacebookAccounts'); //Name of the table where friends are stored var friendsTable = tables.getTable('Friends'); checkAccounts(); function checkAccounts(){ accountTable .read({success: function readAccounts(accounts){ if (accounts.length){ for (var i = 0; i < accounts.length; i++){ console.log("Creating query"); //Call createQuery function for all of the accounts that are found createQuery(accounts[i], getDataFromFacebook); } } else { console.log("Didn't find any account"); prepareAccountTable(); } }}); } function prepareAccountTable(){ var myAccount = { accessToken: "", //enter here you facebook accessToken. You can retrieve ...