Jeff Glenzer, CTP, Vice President and Chief Operating Officer, AFP
Without a doubt, data security is fast becoming one of the most critical threats institutions—public and private—face on a global scale. According to the Identity Theft Resource Center (ITRC), as of Sept. 9, there were 23 breaches in 2014 in the U.S. banking, credit and financial markets, compromising more than 172,000 records. Overall, there have been 533 breaches, compromising 18.7 million records, ITRC said.
The problem has become so widespread that the U.S. Department of Homeland Security (DHS) has designated October as National Cyber Security Awareness Month. What's more, the World Economic Forum estimates a 10% chance of a major infrastructure breach occurring over the next 10 years, potentially costing the global economy upwards of US$250 billion.
Obviously, the consequences of a data breach are potentially severe—ranging from serious financial and data losses to lost working hours and sheer bad publicity. Specific to finance, a sophisticated hacking job could result in:
Payment fraud—An apparent communication from a vendor could actually be a phishing email to obtain your company's payment information.
Reputational risk—A breach can cause a ripple effect negatively impacting your borrowing ability and bond rating.
Finance and treasury departments have an important role to play in protecting their companies from cyber threats. There are five definitive steps finance departments can take to mitigate the risks—from making security system improvements to purchasing cyber insurance—and help safeguard their companies' data.
Administer continuous threat assessments—Knowing the threats—and separating the real from the mythological—is a critical step toward avoiding attacks. Having this valuable information helps companies “minimize the 'threat attack window' and limit the amount of time an adversary gains access to the network before they are discovered,” says Lyon Poh, head of IT assurance and security for KPMG in Singapore. “Threat intelligence is the 'mechanism' that drives cybersecurity investment and operational risk management.”
Conduct regular tech updates—Working closely with the IT department, finance should be a critical part of the process to ensure the company has the latest software updates, malware protection and other defensive tools at its disposal. Keeping up to date helps you stay ahead of the hackers.
Appoint an executive cyber leader and/or task force—“You really need to have people that are focused on [cybersecurity] at the company,” says Larry Zelvin, director of the National Cybersecurity and Communications Integration Center at DHS. Doing so not only offers a layer of protection and intelligence, but it also sends the message that people at the highest levels of the organization take the issue seriously and are proactively managing it.
Share best practices—Competing companies are typically reluctant to trade notes, but it can be very beneficial in preventing attacks. “This reluctance has to be put aside,” U.S. Treasury Secretary Jack Lew recently said. “There cannot be a code of either silence or secrecy about the steps necessary to protect our basic security. Sharing information is far too essential.”
Consider purchasing cyber insurance—Cyber insurance can prove to be a worthy investment in the long run. For example, companies that offer cyber insurance often provide (and insist clients adhere to) a carefully culled list of approved tech vendors. This can save time, costs and headaches.
Treasurers and CFOs can ill afford to wait for any government standards or rulings on cybersecurity. Although the National Institute of Standards and Technology released its cybersecurity framework earlier this year “for reducing cyber risks to critical infrastructure,” businesses must be proactive to protect their networks.
In the meantime, the Association for Financial Professionals will continue to generate the most up-to-date information on cybersecurity and its implications for treasury and finance. We are currently gearing up for our Annual Conference, which will take place Nov. 2-5 and will feature luminaries such as former Federal Reserve Chairman Dr. Ben S. Bernanke and journalist/author Thomas Friedman. We are also pleased to announce that Gen. Keith B. Alexander (Ret.), former director of the NSA, will present his views on cybersecurity.