Cybercrime has been at the center of so much media attention that it has become perceived as a kind of familiar, omnipresent, and inevitable ill force that everyone simply needs to accept and learn how to live with. In fact, nothing can be further from the truth.
Cybersecurity is a complex issue that can only be managed if businesses and individuals appreciate that they themselves have to accept a large part of the responsibility for it, because neither governments and law enforcement nor IT professionals can be relied upon to prevent it from occurring.
It is now essential but no longer sufficient to understand and follow the basic rules of cyber-hygiene, as cyber-criminals constantly find new and inventive ways of perpetrating crime at many different levels.
Given the powerful weapons in the arsenal of cyber-terrorists, one can assume that an attack today can unleash the kind of mayhem that was unimaginable a few years back. A case in point was the recent ransomware attack on the US pipeline which gave the world a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks. US administration officials believe the attack was the act of a criminal group, rather than a nation seeking to disrupt critical infrastructure in the United States.
Similarly, cyberattacks in the UAE and the wider GCC region have increased since the outbreak of the COVID-19 pandemic, and this trend will continue in 2021, according to industry executives and analysts. In the region, the main reasons for the surge in cyberattacks are the growth in online users, remote work culture, and vulnerabilities in digital communication networks.
With the UAE being one of the leading economies in the Middle East, the nation-state has become the prime target for malicious actors, making it one of the most affected countries in the region, and accounting for the bulk of the COVID-19 themed attacks in the GCC.
A key consideration for organisations is that cybersecurity is no longer a purely technical issue and has become so complex that there is no single third party that a business can fully rely upon to stay secure. At the leadership level, it is increasingly falling to the CFO and his team to step up to the challenge and learn how to mobilise against and survive the tidal wave of cybercrime.
As automation continues to play an ever-increasing role in what finance and other professionals have to do on a daily basis, cybersecurity is becoming inextricably linked to such fundamentally important tasks as protecting the safety and continuity of the business, ensuring confidentiality of sensitive data, and helping clients to understand and manage a wide range of cyber-risks.
Professional accountants and finance professionals can, and should, play a leading role in defining certain key areas of such an approach: creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause, defining risk-management strategy, or helping their business establish priorities for their most valuable digital resources.
They can also closely follow the work of governments and various regulators, to have clear, up-to-date information on relevant legislation and on requirements for adequate disclosure and prompt investigation of cyber breaches.
Another vitally important aspect of cybersecurity is closely linked with maintaining clients’ and customers’ confidence. Safeguarding clients’ trust and ensuring confidentiality of sensitive data is a vital task for any accountancy practice. Therefore, as the reliance on digital technologies and online collaboration continues to grow, cybersecurity must become a key focus and concern.
This is especially true because cybercriminals often use the so-called lateral movement approach, whereby they might target an accountancy practice in order to use its breached IT system as a stepping-stone for subsequent attacks on the victim’s clients. Keeping things like this in mind, it must be accepted that no company is too small to become a victim of a cyberattack.
What is needed, but is still often lacking, is a strategic approach to mitigating cybercrime risks. Professional accountants and finance professionals can, and should, play a leading role in defining certain key areas of such an approach.
These include:
- Creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause, so that a business can be realistic about its ability to respond to an attack and recover from it
- Defining risk management strategy
- Helping businesses establish priorities for their most valuable digital resources, in order to implement a layered approach to cybersecurity
- Closely following the work of governments and various regulators to have clear, up-to-date information on relevant legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches
Solving cybersecurity problems is a complex technical discipline that is arguably better left to professionals; but what is very important is firm knowledge of the basics of safety. Gaps in such knowledge are a huge risk factor, as even one small gap is often enough for the enemy to get a foot into the door.
The CFO and his team should therefore always be mindful of the old saying: a fool and his money are soon parted. Now, and for as long as the profession heavily relies on technology, no one can afford to be a cyber-fool.