By Drew Del Matto, Chief Financial Officer, Fortinet
As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it’s just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches.
This is especially true of finance teams and financial executives. Financial executives are tasked with the job of ensuring consistent fiscal well-being and driving economic growth within their organizations, while determining and avoiding risk factors. Additionally, 38 percent of employees in financial roles claimed CFO as the role responsible for cybersecurity at their organization. To this end, corporate finance teams have to be concerned with, and take ownership of, cybersecurity initiatives within their organizations.
These breaches can result in non-compliance fines and reputational damage that can have lasting effects on the bottom line, with 85 percent of managers at financial institutions stating damage to reputation as the most prominent consequence of a data breach. With GDPR taking effect in May 2018, the consequences of not following regulations and compliance standards will take on a new level of financial and reputational penalties, including damage to the digital trust that you have with your customers, employees, investors and other stakeholders.
Cyber Risks Facing Financial Executives
Due to the various types of monetary transactions and data that go through the finance department – bank account information, money transfers, invoices and more – these teams are prime targets for cyberattacks. As financial executives get proactive about cybersecurity, here are some of the top attack methods and vectors, along with mitigation strategies to consider.
- Malware and Ransomware
Of the 85 percent of businesses that have experienced security incidents in that past two years, 47 percent were targeted with malware and ransomware. These attacks are commonly disseminated through unpatched vulnerabilities and social engineering.
- Phishing and Internal Threats
Phishing scams are popular ways for cybercriminals to target organizations’ finances, with multiple instances of scammers impersonating authoritative business figures to request money transfers. Phishing emails that appear to be innocuous are also popular ways to infect machines with malware and ransomware in malicious attachments and links. This is one way your own employees pose a risk to your organization. Employees that lack cybersecurity awareness are susceptible to fall victim to phishing attacks by clicking on these links and opening attachments.
- The Cloud Requires a Different Approach to Security
Many organizations are currently moving operations to IaaS and SaaS cloud environments as part of their digital transformation initiatives. While the cloud is not inherently insecure, it requires a different set of security capabilities than traditional network infrastructure. Organizations will often deploy multiple security tools within their cloud or multi-cloud environments that decrease data visibility and movement, as well as security management capabilities. To ensure a secure cloud, organizations must deploy the proper security architecture for the environment.
To mitigate the financial risks posed by these and other threats, financial executives should work with leaders and departments across the organization to build a secure environment, both in terms of personnel and IT infrastructure.
Build a Cyber-Aware Culture
One way to do this is to ensure your organization is aware of common cyber threats. Being aware of your own susceptibility to cyberattacks will make your organization more equipped to handle them. Financial executives can do this by having employees participate in cybersecurity training that will make them more cautious when opening emails from unknown sources, or emails that contain suspicious content.
Additionally, executives should encourage IT to administer cyber threat assessments at regular intervals to understand where the business is vulnerable and build defenses accordingly.
Deploy Security Solutions
With a cyber-aware culture, executives must then ensure that the organization has the proper security architecture in place to detect, isolate, and mitigate any breach in real-time across distributed environments.
By implementing a fabric-based approach to security, organizations can get real-time intelligence of data movement across their network from endpoints to the cloud. The integration of security tools ensures that each solution is up-to-date with the most current threat intelligence, and provides single-pane of glass management.
Finally, financial executives need to make sure there is a clear understanding of which data is the most critical, where that data is stored, and who has access to it. Among the most effective ways to do this is with internal segmentation and access management. Internal segmentation isolates sensitive data behind a special-purpose firewall, ensuring that in the event of a breach this data is not compromised while giving greater visibility into lateral data movement. Access management ensures that only necessary employees are able to access this data, reducing internal threats.
Cybersecurity is no longer just a job for IT teams. With sophisticated attacks that can do permanent damage to an organization’s bottom line, C-level executives, especially in finance, have to take a leading role in cybersecurity initiatives. The most effective way to do this is by building a culture of cybersecurity awareness and ensuring the correct tools are in place to detect and mitigate threats.
About the author:
Drew Del Matto brings over 20 years of financial management experience and expertise in the network security market. Prior to joining Fortinet, Drew held a variety of senior management roles at Symantec including acting chief financial officer, as well as senior vice president and chief accounting officer. Drew also served as Symantec’s corporate treasurer and vice president of finance business operations, responsible for all treasury functions, various aspects of mergers & acquisitions, pricing and licensing, financial planning and analysis, and revenue operations. Prior to Symantec, Drew held senior finance leadership roles with Inktomi Corporation and SGI Corporation. He began his career as a CPA in public accounting with KPMG LLP.