When it comes to cyber security, South African businesses are ill-equipped to deal with emerging cyber security threats, and often rely on outdated protection strategies. The scam earlier this year, involving Standard Bank and the loss of R300 million, has sent shock waves through the chief financial officer (CFO) community. Cyber crime has, therefore, moved up the agenda of the global CFO Council meeting being held next week in Cape Town.
Cyber criminals have increased their attacks on South African companies, but company strategies have lagged behind in terms of preparing for emerging threats. The rate of change with regard to cyber-related risk is accelerating rapidly, leaving companies more exposed than ever before.
In terms of financial governance and financial security for business, CFOs need to proactively keep cyber security top of mind among the executive team.
The matter of securing systems and databases is a technical issue, but CFOs should still be knowledgeable about where potential attacks can come from. Cyber attacks could cost a company hundreds of thousands and even millions of rands.
According to the South African Banking Risk Information Centre, South Africans lose in excess of R2.2 billion annually to internet fraud and phishing attacks.
A study conducted by IBM and the Ponemon Institute released in July this year indicates that the total average organisational cost of a data breach for the 19 companies represented in the research is R28.6 million.
The largest cost component identified was lost business at an average of R10.55m, while the smallest cost component was notification at R560 000 on average.
In South Africa, the average cost of a data breach is R1 548 per record, with a total organisational cost of R28.6m.
It is evident that the financial implications of a breach in cyber security could have a devastating impact on the bottom line, and CFOs need to proactively manage this risk.
Although cyber security breaches cannot always be prevented, there are measures that can be taken to minimise the likelihood of a breach:
Stop incursion by targeted attacks: The top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections (a code injection technique used to attack data-driven applications) and targeted malware attacks. To prevent incursions, it is necessary to shut down each of these avenues into the organisation’s information assets.
Identify threats by correlating real-time alerts with global intelligence: To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated in real time with current research and analysis of the worldwide threat environment.
Proactively protect information: In today’s connected world, it is no longer enough to defend the perimeter. One must accurately identify and proactively protect the most sensitive information wherever it is stored, sent or used. By enforcing unified data protection policies across servers, networks and endpoints throughout the enterprise, you can progressively reduce the risk of a data breach.
To prevent a data breach caused by a hacker or a malicious insider and protect sensitive information, organisations must start by developing and enforcing IT policies across their networks and data protection systems.
Integrate prevention and response strategies into security operations: In order to prevent data breaches, it is essential to have a breach prevention and response plan that is integrated into the day-to-day operations of the security team, which will enable them to continuously improve their strategy and progressively reduce risk.
To put these measures in place, businesses will need to make financial investments in improved cyber security. Cyber security is a global issue that needs to be prioritised by all CFOs, who are ultimately responsible for safeguarding the cash and resources of the business.
As a community, CFOs need to declare war on cyber threats, as they can ruin global trade. We cannot allow criminals to prevent the free flow of goods and services, and a safe environment is needed to build the world economy. That is why the local division of the CFO Council will present to the World CFO Congress a plan of action for a uniform approach to fighting cyber crime.
Original Post Cape Times Newspaper