In today’s digital world, cybersecurity is an issue that is top of mind for every company. Whether it’s worrying about the malware threat from employees chasing Pokemon around the office, to large-scale breaches such as that seen with Wendy’s earlier this year, executives face a greater challenge than ever in ensuring that data is protected in the enterprise.
While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. In fact, a recent report from Deloitte noted that U.S. financial services companies lost on average $23.6 million from cybersecurity breaches in 2013 – the highest average loss across all industries. Information is the new sinew of war – beyond customer information, a company’s internal assets are also at risk, from financial and strategic plans to employees’ personal data and so on. An attack on this data (either for leakage, manipulation, ransom or other malicious intent) could seriously endanger CFO relationships and trust with a number of important parties. It could also lead to business disruptions and loss of market share, not to mention potentially hefty fines.
In this slideshow, Thack Brown, global head for SAP‘s Line of Business Finance, has identified five ways organizations — in particular CFOs – can stay ahead when it comes to cybersecurity.
Staying Ahead of Cyber Threats
Click through for five ways organizations, especially CFOs, can stay ahead of cybersecurity threats, as identified by Thack Brown, global head of Line of Business Finance at SAP.
Provide Security Education
Outside of IT, it is essential that every employee, from line managers to the C-suite, receive training on cybersecurity trends and threats — whether it is setting up company-wide training or nominating a cybersecurity subject matter expert whose role is to set overall standards and advise the board. Given the high stakes, understanding a company’s risk is a critical component in fending off a potential breach. This should be a key priority for the CFO, to make sure that the risk of cyber attacks is understood and potential impacts are addressed, especially when it comes to protecting critical financial planning documents.
Evaluate Your Data
In response to the growing number of breaches, many companies have taken an overly cautious approach, deciding to strictly protect all of their data. However, not only does this come with a hefty price tag but, since resources are often limited, it could also mean overlooking some valuable assets. According to a 2014 study from Saugatuck Technology, many finance departments tend to be more cautious when it comes to moving data from the “money” function – such as treasury, core accounting and revenue management data – to the cloud, but tend to be less concerned with managerial data such as expense management, planning and forecasting. Not all information is critical or confidential – in order to prioritize data protection needs, CFOs should work with their finance teams to evaluate which data is critical and rank it appropriately.
Map Your Data Assets
Once data is evaluated and ranked, it is also important to know where the data lives and how it can be accessed. This might seem like a ”no-brainer,” but a recent EY study found that only 40 percent of companies hold an accurate inventory of their data ecosystem. In order to truly protect information, CFOs and finance teams need to understand how it is being accessed in order to get a holistic picture of potential vulnerabilities.
Consider Existing Risk and Address Vulnerabilities
Cybersecurity is no different than any other risk assessment that a CFO needs to perform in order to keep the finance department running smoothly. The CFO is responsible for managing the risk created by or affecting finance operations. Applying a root cause approach is very relevant in this case as it will help find the weakest link, but it is important to not stop at IT impacts. To understand the real exposure of each vulnerability, roll up the risk chain and assess the business, strategic and also operational effects resulting from a data breach.
Be Proactive and Have a Good Offense
The best defense is a good offense, so it’s critical that CFOs routinely run test scenarios to make sure that protective measures are functioning and weaknesses in the structure are addressed. It may not be the best idea to encourage finance teams to attempt to hack their own data, but SAP does recommend partnering with your IT department and letting the experts run some tests. Internal auditors assure management and the board that they are receiving accurate information and ensure structural risks are addressed. By being proactive, CFOs can deter future breaches before they unfold, as well as protect their own personal liability in the event of a breach.