Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

PROTECTING YOUR BOTTOM LINE FROM CYBER RISKS

By Drew Del Matto, Chief Financial Officer, Fortinet

As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it’s just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches.

This is especially true of finance teams and financial executives. Financial executives are tasked with the job of ensuring consistent fiscal well-being and driving economic growth within their organizations, while determining and avoiding risk factors. Additionally, 38 percent of employees in financial roles claimed CFO as the role responsible for cybersecurity at their organization. To this end, corporate finance teams have to be concerned with, and take ownership of, cybersecurity initiatives within their organizations.

These breaches can result in non-compliance fines and reputational damage that can have lasting effects on the bottom line, with 85 percent of managers at financial institutions stating damage to reputation as the most prominent consequence of a data breach. With GDPR taking effect in May 2018, the consequences of not following regulations and compliance standards will take on a new level of financial and reputational penalties, including damage to the digital trust that you have with your customers, employees, investors and other stakeholders.

Cyber Risks Facing Financial Executives

Due to the various types of monetary transactions and data that go through the finance department – bank account information, money transfers, invoices and more – these teams are prime targets for cyberattacks. As financial executives get proactive about cybersecurity, here are some of the top attack methods and vectors, along with mitigation strategies to consider.

  • Malware and Ransomware

Of the 85 percent of businesses that have experienced security incidents in that past two years, 47 percent were targeted with malware and ransomware. These attacks are commonly disseminated through unpatched vulnerabilities and social engineering.

  • Phishing and Internal Threats

Phishing scams are popular ways for cybercriminals to target organizations’ finances, with multiple instances of scammers impersonating authoritative business figures to request money transfers. Phishing emails that appear to be innocuous are also popular ways to infect machines with malware and ransomware in malicious attachments and links. This is one way your own employees pose a risk to your organization. Employees that lack cybersecurity awareness are susceptible to fall victim to phishing attacks by clicking on these links and opening attachments. 

  • The Cloud Requires a Different Approach to Security

Many organizations are currently moving operations to IaaS and SaaS cloud environments as part of their digital transformation initiatives. While the cloud is not inherently insecure, it requires a different set of security capabilities than traditional network infrastructure. Organizations will often deploy multiple security tools within their cloud or multi-cloud environments that decrease data visibility and movement, as well as security management capabilities. To ensure a secure cloud, organizations must deploy the proper security architecture for the environment.

To mitigate the financial risks posed by these and other threats, financial executives should work with leaders and departments across the organization to build a secure environment, both in terms of personnel and IT infrastructure.

Build a Cyber-Aware Culture

One way to do this is to ensure your organization is aware of common cyber threats. Being aware of your own susceptibility to cyberattacks will make your organization more equipped to handle them. Financial executives can do this by having employees participate in cybersecurity training that will make them more cautious when opening emails from unknown sources, or emails that contain suspicious content.

Additionally, executives should encourage IT to administer cyber threat assessments at regular intervals to understand where the business is vulnerable and build defenses accordingly.

Deploy Security Solutions

With a cyber-aware culture, executives must then ensure that the organization has the proper security architecture in place to detect, isolate, and mitigate any breach in real-time across distributed environments.

By implementing a fabric-based approach to security, organizations can get real-time intelligence of data movement across their network from endpoints to the cloud. The integration of security tools ensures that each solution is up-to-date with the most current threat intelligence, and provides single-pane of glass management.

Finally, financial executives need to make sure there is a clear understanding of which data is the most critical, where that data is stored, and who has access to it. Among the most effective ways to do this is with internal segmentation and access management. Internal segmentation isolates sensitive data behind a special-purpose firewall, ensuring that in the event of a breach this data is not compromised while giving greater visibility into lateral data movement. Access management ensures that only necessary employees are able to access this data, reducing internal threats. 

Cybersecurity is no longer just a job for IT teams. With sophisticated attacks that can do permanent damage to an organization’s bottom line, C-level executives, especially in finance, have to take a leading role in cybersecurity initiatives. The most effective way to do this is by building a culture of cybersecurity awareness and ensuring the correct tools are in place to detect and mitigate threats.

About the author:

Drew Del Matto brings over 20 years of financial management experience and expertise in the network security market. Prior to joining Fortinet, Drew held a variety of senior management roles at Symantec including acting chief financial officer, as well as senior vice president and chief accounting officer. Drew also served as Symantec’s corporate treasurer and vice president of finance business operations, responsible for all treasury functions, various aspects of mergers & acquisitions, pricing and licensing, financial planning and analysis, and revenue operations. Prior to Symantec, Drew held senior finance leadership roles with Inktomi Corporation and SGI Corporation. He began his career as a CPA in public accounting with KPMG LLP.