This is not an easy time for CFOs. In the past year, traditional working practices have been transformed as the world quickly shifted to a remote model, with this epochal change enabled by rapid cloud migration and digital transformation.
So, it is little wonder that people, who are more used to worrying about pounds and dollars, are now starting to become more than a little concerned about cyber security.
The professional services network, Grant Thornton recently released a report which reveals the latest concerns for CFOs, who are alarmed that the new era has made their businesses a target for cybercriminals.
It is not just faceless organisations that criminals are going after: individuals CFOs and any other staff with access to privileged accounts are a tempting target for hackers.
“Finance leaders are currently navigating an uncertain environment and the demands of the finance function continue to grow,” Grant Thornton wrote. “For many businesses, there will be no return to the old ways and necessity will dictate a greater level of resilience, agility and flexibility than ever before.”
Grant Thornton spoke to dozens of CFOs to gauge the industry mood and found that some were concerned that the shift away from traditional office work has left them vulnerable to attack. “We are susceptible to cyber security threats again with remote working,” one CFO said. “How do we manage this?”
Counting the costs of a breach
The fears of CFOs are well placed because it is no longer a case of asking if an organisation will be attacked but working out when it will happen.
According to a recent Government report, half all of businesses (46%) reported experiencing a cyber-attack between 2019 and 2020.
These attacks can bring companies to their knees, particularly if their infrastructure or digital services are disrupted. Even after the incident is over, organisations can be left counting the cost caused to their reputation by a data breach or problems with their service. The initial attack is expensive to address, but the after-effects could be ruinous.
Cybercriminals’ tactics are also becoming ever more sophisticated and are increasingly aimed at the weakest part of any organisation’s defences: human employees.
One of the fastest-growing attack vectors we’ve seen recently is CEO Fraud or Business Email Compromise, in which attackers take advantage of employees’ desire to please their boss to trick them into handing over cash or credentials.
Falling victim to such a scam could be professionally disastrous to a CFO that accidentally wires money to a criminal or hands over the passwords to a bank account, so it is crucial that organisations install a multi-layered email security solution as well as train staff to spot the tell-tale signs of a scam.
Sadly, many cyber-attacks are caused by human error. According to a prediction from Gartner, 99% of cloud security failures in the years between now and 2025 will be caused by human mistakes.
Considering that 74% of CFOs intend to shift some employees to remote work permanently, the cloud is clearly going to continue to be a significant part of business practice in the future. Which means cybercriminals will be looking for ways to hack into endpoints and gain access to the network.
“Through 2025, 99% of cloud security failures will be the customer’s fault,” Gartner wrote. “CIOs can combat this by implementing and enforcing policies on cloud ownership, responsibility and risk acceptance. They should also be sure to follow a life cycle approach to cloud governance and put in place central management and monitoring plans to cover the inherent complexity of multi-cloud use.”
Expanding the CFO’s role
CFOs can do their part in the fight against too. There are a number of different services on offer to help CFO’s build up a sophisticated cyber security perimeter for their organisation; using solutions such as multi-layered email protection and multi-factor authentication can help CFO’s add that extra protection barrier around communications.
Organisations should also consider implementing Zero Trust Network Access (ZTNA) when it comes to authentication. This turns the old model of “connect then authenticate” on its head so it becomes “authenticate then connect”.
And for those looking to re-evaluate their cloud positioning, following a rapid migration process, a strong Cloud Access Security Broker (CASB) will help CFOs achieve complete visibility and control.
To find out more about how you can keep your business safe during these challenging times, be sure to download our report –Empowering the People: Critical Cyber Security Challenges.