I’m a CFO and I’ve been hacked!
By Digital News Asia April 6, 2016
- Does your finance function have a plan to fail? It should!
- Hostile nation states, digitally-enabled terrorists, conniving competitors, and more
CYBERSECURITY is growing too dangerous and powerful to ignore and a head-in-the-sand attitude to this once nascent, now pervasive threat is no longer an option, according to a new study by the Institute of Management Accountants (IMA) and the Association of Chartered Certified Accountants (ACCA).
The joint study, Cybersecurity – Fighting Crime’s Enfant Terrible, is an assessment of the cyberthreat landscape across the globe, the two organisations said in a statement.
The study tracks current and future cybersecurity trends and highlights particular areas that are likely to have a direct impact on the future of the accountancy profession.
“Exploitation of the myriad weaknesses within cybersecurity is now being perpetrated by a rogues gallery of hostile nation states, digitally-enabled terrorists, conniving competitors, organised crime syndicates, hacktivists and even the odd disgruntled employee,” said Faye Chua, ACCA’s head of business insights.
“From health records to credit cards, individual pieces of confidential data are fetching up to US$45 per unit on the black market.
“With databases holding millions of records now commonplace, the consequences of a breach have become too serious to ignore,” she added.
Amid escalating cybercrime episodes across the globe, the criminal enterprise is presenting a number of threats for the finance profession – and the theft of financial assets through cyber-intrusions is the second largest source of direct loss from cybercrime, according to one study noted in the report.
Accountants and finance professionals can, and should, play a leading role in defining key areas of a strategic approach to mitigating cybercrime risks.
- Creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause, so that a business can be realistic about its ability to respond to an attack and/ or recover from it;
- Defining a risk-management strategy;
- Helping businesses establish priorities for their most valuable digital resources, in order to implement a ‘layered’ approach to cybersecurity; and
- Closely following the work of government and various regulators in order to have clear, up-to-date information on adequate legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches.
“When establishing a plan, it is important to be realistic about the resources at your disposal so you can deploy them appropriately,” said IMA vice president of research and policy Raef Lawson.
“To be effective, implement a ‘layered’ approach to cybersecurity that establishes priorities for your most valuable digital resources,” he added.
The study also found that accountants and other finance professionals clearly understand the importance of the issue – 85% of respondents said that management at their respective companies was concerned about cybercrime risks.
“Predicting the potential implications of a breach is crucial to enabling a swift recovery should the unthinkable occur,” said the ACCA’s Chua.
“Putting a ‘plan for failure’ in place might feel like an admission of weakness, but it is the best way to accelerate the process of repair after an incident.
“Professional accountants possess both industry knowledge and a strategic understanding of the overarching strategy of the organisation.
“In addition, they boast a well-deserved reputation for being fiercely analytical of potential risks to the safety of their clients and employers,” she added.
A PDF of the full report can be downloaded here.
CFOs, finance teams failing at technology: ACCA report
Robot invasion in finance, and what CFOs should do
CFO and CTO? It’s the CFTO next
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.