Businesses today face an ever-evolving threatscape with growing pressure to rethink security strategies for long-term sustainability.
As a result, corporate finance teams are more actively partnering with IT to ensure the organization’s security strategies protect critical financial data. Fortinet’s Araldo Menegon, Global Managing Director, Financial Services, discusses the issues and trends affecting corporate finance teams today.
Since security is managed by IT, why do finance teams need to get involved?
More and more companies are realizing increasing exposure to cyber threats. As employees bring more devices into the workplace, data and applications communicate with the cloud, and as businesses share more information with vendors and partners, the footprint for security grows wider.
So in one sense, security needs to be “managed” by everyone in an organization. More specifically, a company’s financial information can be a key target for malicious attacks, so finance teams need to know how to limit their vulnerabilities.
What’s the most common security threat for businesses?
Email scams and phishing continue to be a primary cyber concern. Cyber criminals are becoming increasingly sophisticated in their attacks, with subject lines and “information” more targeted to your employees’ interests. In a recent study, 30 percent of employees opened a phishing email, and 12 percent then clicked on an infected document or link, allowing the malware to run its course.
What the malware is then programmed to do varies according to the intent of the attack. It could distribute spyware to collect information about a user or system without your knowledge, run malicious code to damage targeted systems or applications, or embed ransomware, which shuts off access to data or systems until you pay for its release.
How do corporate finance teams protect against these growing threats?
To level-set expectations, keep in mind that you can’t entirely prevent a compromise, but you can control how prepared you are to react and respond. Here are specific actions for CIOs and their teams to consider:
Evaluate the applications you deploy and where they sit. Applications that are hosted directly on the Internet are more easily compromised. Be sure your finance applications have a secure “front” or point of access, with proper security systems protecting the flow of information between applications and data.
Establish security requirements for finance vendors. Remember that you can protect your own system, but if a malicious attack targets a vendor, your data can still be breached. Work with your IT counterparts: take a look at all the vendors your company does business with and note what level of access they have into your environment. Build a template with key questions and considerations to assess the security of any third party, and determine the minimum requirements your vendors need before they can do business with your organization. You should also closely monitor those conduits.
Regularly identify and inventory all devices used by finance. Operational devices, such as computers, servers, and printers, are all vulnerable points of entry for an attack. Cyber criminals have been known to target devices that were thought to be decommissioned but were still connected to the network. Finance can help ensure that all assets are properly monitored so that such vulnerabilities are limited.
Train your teams and ensure accountability. A variety of technology is available on the market to help both train and test your workforce in online, interactive scenarios. It’s important to do this as a continuous process to ensure that this training and testing is updated and adapts to the latest attack methods. Then be sure that any employee who regularly strays from security protocols is held accountable. Even the best training will be ineffective if employees are not responsible for repeated lapses in their behavior.
Review security controls with internal stakeholders. Corporate finance teams need to work closely with the risk/compliance team, IT, and other lines of business to evaluate processes, governance, and controls that are in place.
Once a breach has occurred, what can a finance team do?
This is where partnership with your IT security team is key. Once an attacker is inside your network, they have bypassed your edge protection layer; however, you still have a chance to minimize the impact of the breach by segmenting your network into security zones. This will allow you to create various choke points to help isolate the breach and monitor and secure traffic as it moves between security zones.
Sandboxing is another solution that IT can deploy to manage potentially nefarious data that initially breaches the network.
This software can detect previously unseen or sophisticated malware and route it to a sandbox with equally sophisticated analytics. Make sure your sandbox technology can interact with other enforcement points—such as your email security technology, NG firewalls, endpoints, as well as various others—to take action.
Finally, in the unfortunate event of a breach, every finance organization needs a documented procedure to assess damage, repair systems and machines, and restore normal operations. Regular security drills can help your team implement recovery quickly and efficiently, when it’s needed most.