Cyber Risks Facing Financial Executives
Drew Del Matto, Chief Financial Officer of Fortinet
As global cyberattacks persist, cybersecurity is becoming a main focus for top management. Gone are the days when it was just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as it seeks to avoid the crippling effects associated with data breaches.
This is especially true of finance teams and financial executives. Financial executives are tasked with the job of ensuring consistent fiscal well-being and driving economic growth within their organisations, while determining and avoiding risk factors. To this end, corporate finance teams have to be concerned with and take ownership of cybersecurity initiatives within their organisations.
Data breaches can result in non-compliance fines and reputational damage that can have lasting effects on the bottom line, with 85 percent of managers at financial institutions citing damage to reputation as the most prominent consequence of a data breach. With GDPR taking effect in May 2018, the consequences of not following regulations and compliance standards will take on a new level of financial and reputational penalties, including damage to the digital trust that you have with your customers, employees, investors and other stakeholders.
Due to the various types of monetary transactions and data that go through the finance department – bank account information, money transfers, invoices and more – these teams are prime targets for cyberattacks. As financial executives get proactive about cybersecurity, here are some of the top attack methods and vectors, along with mitigation strategies to consider.
- Malware and Ransomware
Of the 85 percent of businesses that have experienced security incidents in the past two years, 47 percent were targeted with malware and ransomware. These attacks are commonly disseminated through unpatched vulnerabilities and social engineering.
- Phishing and Internal Threats
Phishing scams are a popular way for cybercriminals to target organizations’ finances, with multiple instances of scammers impersonating authoritative business figures to request money transfers. Phishing emails that appear to be innocuous are also a popular way to infect machines with malware and ransomware through malicious attachments and links.
- The Cloud Requires a Different Approach to Security
Many organisations are currently moving operations to cloud environments as part of their digital transformation initiatives. While the cloud is not inherently insecure, it requires a different set of security capabilities than traditional network infrastructure.
To mitigate the financial risks posed by these and other threats, financial executives should work with leaders and departments across the organisation to build a secure environment, in terms of both personnel and IT infrastructure.
Build a Cyber-Aware Culture
One way to do this is to ensure your organisation is aware of common cyber threats. Being aware of your own susceptibility to cyberattacks will make your organisation better equipped to handle them. Financial executives can do this by having employees participate in cybersecurity training that will make them more cautious when opening emails from unknown sources or with suspicious content.
Additionally, executives should encourage IT to administer cyber threat assessments at regular intervals to understand where the business is vulnerable and build defenses accordingly.
Deploy Security Solutions
With a cyber-aware culture in place, executives must then ensure that the organisation has the proper security architecture to detect, isolate, and mitigate any breach in real time across distributed environments.
By implementing a fabric-based approach to security, organisations can get real-time intelligence on data movement across their network, from endpoints to the cloud. The integration of security tools ensures that each solution is up to date with the most current threat intelligence, and provides a single point of management.
Finally, financial executives need to make sure there is a clear understanding of which data is the most critical, where that data is stored, and who has access to it. Among the most effective ways to do this is with internal segmentation and access management. Internal segmentation ensures that, in the event of a breach, this data is not compromised, while giving greater visibility into lateral data movement. Access management ensures that only necessary employees are able to access this data, reducing internal threats.
Cybersecurity is no longer just a job for IT teams. With sophisticated attacks that can do permanent damage to an organization’s bottom line, C-level executives, especially in finance, have to take a leading role in cybersecurity initiatives. The most effective way to do this is by building a culture of cybersecurity awareness and ensuring the correct tools are in place to detect and mitigate threats.
This article was written by Drew Del Matto, Chief Financial Officer of Fortinet