There’s always a temptation to think that cyber security is something that can be rolled out annually and then forgotten about. Instead, C-suite executives need to work more closely together so that a business can become more proactive about protecting its most important asset – its data.
Nathan Desfontaines, cyber security manager at professional services firm KPMG in South Africa, warns that, given the connectedness of organisations today, cyber security has become a fundamental part of business.
He believes that this environment is challenging Chief Financial Officers (CFOs) to look at operational requirements differently.
“One of the biggest mistakes any company can make is to relegate cyber security to the Chief Information Officer’s (CIO) office. With technology permeating every aspect of business, this silo approach no longer holds true. In fact, it can open the organisation to a number of risks, not least of which is having its data compromised,” he says.
With the CIO traditionally reporting to the CFO for new technology implementations (considering the cost implications for the business), the finance office is in a unique position to gain an organisation-wide perspective on the IT systems and processes in place.
“While there is no such thing as complete security, there are a number of measures that can be taken to minimise the likelihood of a breach. In the digital world, these breaches result in not only significant financial damage but reputational damage as well. And, if the breach is significant enough, the company risks not being able to recover at all from such an attack,” Desfontaines points out.
The top four means of incursion into a network are through exploiting system vulnerabilities, default password violations, SQL injections and targeted malware attacks. To prevent this, it is necessary to shut down each of these avenues into the information assets of the business.
It is important that a company identifies threats by correlating real-time alerts with global intelligence. Security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information provided can be correlated with current research and analysis of the worldwide threat environment.
Additionally, companies should automate security through IT compliance controls. By developing and enforcing IT policies across their networks and data protection systems, C-suite executives can help prevent a data breach caused by a hacker or a malicious insider. This mechanism works best for protecting sensitive information.
“It is important to remember that cyber security impacts on all parts of the organisation – from human resources and compliance, to business continuity and brand communications. Organisations that see this as an integrated process are the ones that are best able to differentiate themselves from their competitors. So, as much as some CFOs think that security is just a matter of rands and cents, the impact on the company is much more significant,” concludes Desfontaines.