Businesses today face an ever-evolving threatscape with growing pressure to rethink security strategies for long-term sustainability. As a result, corporate finance teams are more actively partnering with IT to ensure the organization’s security strategies protect critical financial data. Fortinet’s Araldo Menegon discusses the issues and trends affecting corporate finance teams today.
More and more companies are realizing increasing exposure to cyber threats. As employees bring more devices into the workplace, data and applications communicate with the cloud, and as businesses share more information with vendors and partners, the footprint for security grows wider. So in one sense, security needs to be “managed” by everyone in an organization. More specifically, a company’s financial information can be a key target for malicious attacks, so finance teams need to know how to limit their vulnerabilities.
Email scams and phishing continue to be a primary cyber concern. Cyber criminals are becoming increasingly sophisticated in their attacks, with subject lines and “information” more targeted to your employees’ interests. In a recent study, 30 percent of employees opened a phishing email, and 12 percent then clicked on an infected document or link, allowing the malware to run its course. What the malware is then programmed to do varies according to the intent of the attack. It could distribute spyware to collect information about a user or system without your knowledge, run malicious code to damage targeted systems or applications, or embed ransomware, which shuts off access to data or systems until you pay for its release.
To level-set expectations, keep in mind that you can’t entirely prevent a compromise, but you can control how prepared you are to react and respond. Here are specific actions for CIOs and their teams to consider:
This is where partnership with your IT security team is key. Once an attacker is inside your network, they have bypassed your edge protection layer; however, you still have a chance to minimize the impact of the beach by segmenting your network into security zones. This will allow you to create various choke points to help isolate the breach and monitor and secure traffic as it moves between security zones.
Sandboxing is another solution that IT can deploy to manage potentially nefarious data that initially breaches the network. This software can detect previously unseen or sophisticated malware and route it to a sandbox with equally sophisticated analytics. Make sure your sandbox technology can interact with other enforcement points—such as your email security technology, NG firewalls, endpoints, as well as various others—to take action.
Finally, in the unfortunate event of a breach, every finance organization needs a documented procedure to assess damage, repair systems and machines, and restore normal operations. Regular security drills can help your team implement recovery quickly and efficiently, when it’s needed most.