CFOs need to take a broader view on risks
1. Phishing
Staff either open attachments or click on links in emails that download malicious code, or they are lured into providing passwords and login details.
2. Malware
Rogue software, such as computer viruses, is loaded onto an enterprise system as a result of a phishing attack or by staff accessing compromised websites.
3. Data theft
Unauthorised system access by hackers leads to data breach and theft. Disgruntled personnel may use thumb drives to download files without authority.
4. Shadow IT
Business units buy cloud-based computing services without the oversight of the IT team, so risk creating systems vulnerabilities when they link these systems to core enterprise applications.
5. Distributed Denial of Service
A coordinated attack using botnets (hijacked computers) to access an online service; the flood of bots blocks access to the service for legitimate users.
6. Ransomware
Malware is used to encrypt company data and a ransom is then demanded to access the encryption key. Ransomware is now in decline as many companies have learned to protect themselves with rigorous and regular back-ups.
7. Zero-day exploits
Hackers may seek to exploit software flaws, using them as a way into a company’s systems. Regular software patching reduces the risk.
8. Crypto-jacking
Hackers gain access to poorly protected computing resources and hijack them to mine cryptocurrencies such as Bitcoin. This dramatically slows computing speeds for bona fide processing.
If you have a major cybersecurity event that impacts the organisation’s records, whether there is a financial penalty or not, there is an impact on the trust of the organisation and on reputation which will ultimately impact the finances.
Always keep up to date, maintain dialogues with your IT providers, be proactive and take charge.
Article originally published by Acuity.partica.online. (2019). [online] Available at: https://acuity.partica.online/acuity/august-september-2019/insight/the-era-of-the-cyber-resilient-cfo