In his presentation titled The Inconvenient Truth About Cybersecurity at CFO South Africa’s Finance Indaba Africa, which took place on 14 October 2016, KPMG Cyber Security Manager Nathan Desfontaines called on CFOs to be more involved in finding solutions for dealing with cyber attacks in their organisations.
By Tiisetso Tlelima
According to Nathan, cyber attacks are increasing at an alarming rate across the world. The more technology grows and becomes more complex, the more hackers try to find a way into the system. The growth of technology is what underpins the need for cybersecurity.
CFOs should therefore not dump the responsibility for cyber security on the shoulders of CIOs, but should rather be involved in finding viable solutions to minimise cyber attacks. The issue of cyber security should not only be discussed at an operational level but should also be discussed at boardroom level. Clear strategies must be put in place to fight cyber attacks.
"Companies need to accept that the vulnerability is there and figure out what they're going to do when the attack happens."
The threat landscape is ever-changing. In the next few years extortion-driven attacks and ransomware attempts will increase and the pressure to disclose data breaches and threat responses will intensify.
CFOs need to make the right decisions on how to protect their companies from imminent attacks. They need to be clued up on emerging threats and change all processes when needed. "Unfortunately, historically the hacker has always been successful because we're always chasing them and we only know of an attack once it has happened," Nathan said.
However, this does not mean that CFOs must throw in the towel. Nathan told conference attendees they need to stay vigilant now more than ever and identify their company's critical assets, associated risks and vulnerabilities, and create the necessary culture of security and privacy.
CFOs should drive awareness campaigns to educate employees on cybersecurity, and set aside a budget for fighting cyber attacks and getting the necessary cyber insurance.
Security controls should be put in place for the entire company including subsidiaries and affiliates to ensure incidents do not happen again. Security systems should be monitored regularly to ensure that security has not been breached.
Nathan added that cyber attack damages go beyond direct financial loss and could ruin reputations. Although not everything can be protected, companies should try to protect as much as possible because hackers will attack their systems through the weakest link.