Sponsored Content

Cybersecurity is no longer purely a tech problem — it is often due to a combination of technical vulnerabilities and human factors, exacerbated by terrible password habits, phishing attacks, or the mishandling of sensitive information, as highlighted in the historic “MOAB” (mother of all breaches) leak, revealed earlier this year.

The breach, involving the largest trove of stolen data, passwords, and other sensitive information that has ever been gathered, saw the leaking of over 26 billion data records from 3,876 domain names including Tencent, Weibo, Twitter/X, Dropbox and LinkedIn. It gave hackers access to data from both personal and company, which are especially lucrative targets for criminals because breaching work-related accounts and, by extension, large organisational databases provides a treasure trove of information for use in identity theft, financial fraud, social engineering attacks, or even for blackmailing.

A “wakeup call” for society and companies, the MOAB breach underscores the critical need to protect data and the necessity of ongoing innovation in cybersecurity. Cybercriminals are constantly refining their tactics and so must its potential victims. 

Since 2017, the average cost of a cyberattack has risen by 15%, from $3.62-million to $4.45-million in 2023, largely due to the sharp rise in the number of threats, their growing sophistication and the rising cost of the financial — and reputational — consequences. 

A Verizon study says social engineering attacks are often effective and extremely lucrative for cybercriminals. Seventy-four percent of all breaches include the human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering. In 83% of cases, breaches involve external actors, and in 95% of the cases, the motivation for attacks is financially driven. The three primary ways in which attackers gain access to an organisation are stolen credentials, phishing and exploitation of vulnerabilities.

Whether it’s falling for phishing scams, mishandling sensitive information, or neglecting security protocols, human error often compromises even the most robust security systems, which is why training and awareness are crucial to mitigating these risks and strengthening the overall security posture. 

Remote and hybrid work arrangements, necessitated by the Covid pandemic and entrenched in its aftermath, have normalised working in the cloud, which entails storing and sharing data, including financial and other sensitive personal and company information, across devices. 

If the company cloud is not implemented correctly and used without proper security, bad actors could and will compromise your systems.

When operating cloud infrastructure, users must be clear about their responsibilities. Your organisation must set up systems and processes that protect people from themselves and establish confidentiality policies and guidance for employees to store documents securely.

Your IT system should be as secure for remote workers as it is for office-based employees, which is why it is advisable to also set up a virtual private network (VPN). 

Sage research suggests that 45% of finance leaders are concerned about the growing threat of cybercrime, 95% don’t know which data to trust, and only 69% of small- and medium-sized businesses (SMBs) saying cyber security is part of their culture — but most only discuss it when something changes or goes wrong internally. 

In South Africa, Sage found SMBs believe education and training to be wanting, with 55% of respondents seeing educating employees as the biggest challenge – significantly higher than the global average of 44% — and 69% seeking more support, which is again a dramatic outlier compared to the 52% global average. The most common cyber security incident reported in South Africa was stolen laptops. Ransomware attacks were reported less (9%) than the global average (13%).

Why cyber security is so important for CFOs

PwC’s 2024 Global Digital Trust Insights survey of 3,876 business and tech executives at the largest global companies shows vast room for improvement in cybersecurity, with 75% of  chief financial officers (CFOs) already engaged in making high-level cyber security decisions.

As guardians of financial risk management, CFOs hold a core position and should work closely with chief information security officers (CISOs) to optimise spending on cybersecurity and tailor security measures to the finance department. 

CFOs might not be cybersecurity experts, but they are specialists at risk management, which naturally makes them allies of CISOs, who are charged with guarding an organisation’s systems and data. 

CFOs should partner with both IT and risk management teams to reduce risks stemming from the widespread adoption of remote work and ensure that existing policies adequately safeguard sensitive data.

Given the heightened vulnerability of finance teams to cyberattacks, CFOs must possess a deep understanding of emerging IT security challenges, threats, and legal frameworks. With control over most of a company’s most sensitive information, security should be a CFO’s top priority because if the systems are breached and data is stolen, they are often held accountable.

Threats to guard for:

  • Phishing attacks: Phishing attacks deceive employees into disclosing sensitive financial information, primarily via email, voice calls, and text messaging. Business email compromise, which typically targets finance and accounting, procurement and payroll teams, is a cyberattack that uses email to manipulate people. Other phishing scams try to trick victims into revealing passwords, providing credit card numbers, or clicking on malware (malicious software, files, or programs that are meant to harm and disrupt systems) links.
  • Data leaks: Valuable financial information can be leaked via business and home internet connections through laptops, PCs, mobile phones, and tablets.
  • Supply chain attack: These target something a company buys from vendors, typically a software program. By exploiting a program vulnerability, the attacker can gain backdoor access to multiple organisations that use the software.
  • Publicly exposed database: A publicly exposed database not protected by security measures such as requiring user credentials, secure configuration or adequate security settings is an easy target for criminals.
  • Insider threats: Employees, former employees, contractors, vendors, and other parties with access to a company’s systems and networks could pose a security threat, by either intentionally working to take down a company’s systems and steal its data, or those who cause a security breach due to a lack of following procedures or training.
  • Ransomware: This is a type of malicious software or malware designed to block access to a computer system until money is paid. When ransomware is activated, organisations are locked out of their key systems and data and staff are unable to work.

Remember, cloud technology is only as safe as the people who use it.

CFOs can implement cloud technology by:

1. Defining objective:

Understand how cloud software can do the heavy lifting. Figure out which activities can/will be automated, how much time you could save, and get your team’s buy-in. Set up measurable key performance indicators (KPIs).

2.  Evaluating your existing infrastructure

Sage research shows that 83% of businesses plan to increasingly automate manual tasks but before introducing new systems, it’s important to conduct an audit of procedures, to determine which are operating correctly. Doing so can help you prioritise critical areas that need attention and decide on which systems and apps must be migrated first.

3. Show, don’t tell

To get your team’s buy-in, show them what the cloud can do for them, and keep the lines of communication open. By speaking freely and feeling comfortable reporting any issues, your staff play an essential role in security by understanding and adhering to best practices.

4. Get help

Seek advice from the experts, including management, IT teams and other departments. Ask cloud providers about their track record in terms of security and compliance and what they can do for your organisation. 

Cybersecurity is not about possessing the latest technology or the most advanced security tools: It is a multifaceted challenge involving people, well-defined processes, and a security-conscious culture within your organisation. 

To protect your organisation from cyberattacks, you need to adopt a holistic approach that integrates all these elements. Remember, cybersecurity is not just an IT problem; it’s everyone’s responsibility.

This article is brought to you by Sage. DM/BM


Please peer review 3 community comments before your comment can be posted