IDEA

"What are we doing to protect ourselves from cyber attacks?" It's a question every CFO eventually asks their team. Although the question suggests IT-specific concerns like malware, firewalls and virus scans, CFOs need to pause and broaden their perspective: examine cyber-related business risk in the areas of physical security and in industrial controls as well. If, for example, a cyber criminal walks into your headquarters and steals a laptop, or a worm enables hackers to take over the controls of your factory, your problems just got a lot bigger. Attackers could destroy costly equipment and put you out of business for months, ruining your relationships, reputation, brand, market share and shareholder value.

News headlines might lead you to believe that the biggest cyber risk is the theft of financial, medical, password or other personal information, which exposes consumers to fraudulent charges, embarrassments and all manner of personal headaches. Breaches like these can certainly be catastrophic to your business.

But like physical property, business data is also an operational asset. It has a distinct value in terms of keeping the business running and, in this analytics age, providing insight. Destruction, corruption or alteration of, say, logistical data, orders or GPS information can cripple your business for months.

Worst case? Arguably, it's when hackers go beyond credit card numbers and data damage and take hold of your industrial controls, potentially bringing power stations down, permanently freezing multimillion-dollar turbines in mid-cycle, blowing chemical vessels up or causing molten metal to harden midway through fabrication.

When I step back, this multifaceted cyber security challenge looks to me a lot like the commercial property vulnerabilities engineers address every day in their loss prevention duties as they guard against fire and natural catastrophe. Their first step? Understanding the risk, which goes far beyond ones and zeroes.

A FEW THINGS YOU CAN DO

Get your IT, finance and risk management teams together. Your IT group knows all about the technology side of security, but they have little expertise in translating it into business risk. The parties need to understand one another.

Determine what information security standard applies to your industry and base your cyber security framework on its practices. One source of standards is the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity.

Review your insurance coverage to ensure that at least one policy (cyber, crime, property or liability) will respond fully to any successful cyber attack.

Identify and classify data based on business criticality as well as on sensitivity/confidentiality of data.

Identify critical assets and network access points at your facilities, both physical and technological, and determine how access is controlled. Prioritize actions to improve access control where needed.

Create a documented incident response plan to prepare employees to respond accordingly during cyber events. The plan needs to be part of a complete risk management program, not just a document.

Test the plan. Tabletop simulation exercises can be a very effective means of testing the adequacy of a plan and restoration time windows.

CFOs don't need to be involved in all the details. But they do need to champion a comprehensive view of cyber security. This leadership will help make your company more resilient when the time comes.

16 REASON ISSUE 1 2017
