Historically, cyber criminals have targeted the weakest link. But times are changing. Now, instead of considering the weakness of a target, cyber attackers focus on its potential.
Organizations need to realize there’s a new normal when it comes to cybersecurity. Cyber criminals aren’t the hackers that used to breach a system just to see if they could do it. Today, these highly intelligent offenders are organized, patient, and well-funded, with the means to effectively compromise large-scale networks, as we all have seen in recent headlines.
Cyber threats will continue to grow
The threat of cybersecurity breaches will only increase as the Internet of Things (IoT) wave of connected products – with all of their glitches and loopholes – enters the marketplace.
For that and many other reasons, cybersecurity is topping the agenda of C-suite board meetings across the globe, and it’s not just the CIO who’s under the spotlight.
Cybersecurity is not just the CIO’s responsibility anymore
This is no longer just an IT issue; it’s a boardroom issue. Organized cyber criminals target a company’s most important information, or its “crown jewels.” When sophisticated cyber attacks are successful, they can be devastating for a company’s reputation, as well as its bottom line.
That’s why every member of the leadership team – especially the CFO – needs to understand the seriousness of a cybersecurity breach and take action to prepare for it.
How can the CFO fight cyber crime?
There are 2 key approaches that a CFO should take to address cyber risk:
- Develop a comprehensive transformational roadmap outlining how the organization will manage and respond to cyber attacks
- Develop a long-term funding model to support the organization’s fight against cybercrime
The Ernst & Young (EY) report, “Get ahead of cybercrime: EY’s Global Information Security Survey 2014,” addresses these issues and says organizations should have a comprehensive security plan that starts with the following foundations:
- Security assessment and roadmap.
Assess the cyber threat level, your current state, and your target state, and create a gap analysis. Design your implementation roadmap so it aligns with leading practices such as ISO 27001.
- Get board-level support for security transformation.
Realign cybersecurity so it is outside of the IT function, and ensure board members understand and agree with the changes.
- Review and update current security policies and procedures.
Develop an Information Security Management System (ISMS).
- Establish a Security Operations Center (SOC).
Develop monitoring and incident response procedures.
- Design and implement tighter cyber security controls.
Assess your current Identity and Access Management (IAM) system, and stiffen the security of IT assets such as servers, firewalls, network components and databases.
- Test business continuity plans and incident response procedures.
Conduct regular penetration tests to identify possible weaknesses.
The CFO needs to develop a long-term funding model to support these initiatives as well as future cybersecurity needs as they arise, because cyber attacks are constantly changing to become more complex and harder to detect.
The reputational and financial risks of a cybersecurity breach are so great that companies can’t just sit back and cross their fingers, hoping that it won’t happen to them. In order to get ahead of cybercrime, business leaders need to take action – not to prevent it, but to be prepared for it.
This information was based on EY’s Global Information Security Survey 2014.