- CEOs and CFOs should be involved, as cybercrime is a business risk not a technology problem
- Perpetrators are targeting data that will lead to other valuable assets
- Cybercriminals use business models, hire experts, and share knowledge and proceeds around the globe
See the full article, written by Bernard Kellerman, published in the August 2014 issue of Acuity magazine.
Big data, machine learning, artificial intelligence and robots all signal progress, but with new opportunities comes risk. And if the experts can agree on one thing, it’s that cybercrime is a major problem for businesses to tackle.
As the custodians of data, it is more important than ever that CFOs and finance leaders invest in protecting businesses from these risks.
“Last year malware attacks nearly doubled to 8.19 billion (Dell, 2016), with 4,000 ransomware attacks occurring every day.” (FBI, 2016)."
As Ivan Zasarsky, a Deloitte partner specialising in countering financial crime says, there are two categories of individuals. “Those that have been hacked, and those that don’t know they’ve been hacked.”
What has changed in recent times is that the success of earlier crimes has meant the “black hats” are able to organise themselves along similar models to those followed by legitimate businesses, hiring the best experts with particular knowledge and sharing the criminal proceeds around the globe.
These coordinated criminals have the potential to do massive damage to a business. By way of example, Zasarsky points to the experience of the retailer Target in the US last year. An attack on its point-of-sale devices resulted in the theft of credit card details of up to 40 million customers. What followed was degradation of Target’s brand and market capitalisation that was “certainly in the hundreds of millions of dollars”, Zasarsky says.
In Australia in 2011, a large number of IGA franchisees’ EFTPOS terminals in country Victoria and New South Wales were compromised via an internet attack by a Romanian criminal gang. The stolen data was used to create fake credit cards, which were on-sold and re-used in the original regions to reduce suspicion. The losses from this fraud were estimated at $30 million.
Cybercrime is a C-suite issue. The message for business leaders is that they need to come to terms with the potential impact on the balance sheet, and the value of the company, from incidents like these, Zasarsky and his peers are keen to stress.
This warning gets wholehearted support from Alastair Gibben, director of the Centre for Internet Safety at the University of Canberra and managing partner at Surete Group, a consultancy that advises on internet fraud reduction.
Gibben says that the CEO and CFO should be involved in the process, as cybercrime is a business risk, not a technology problem. All too often, they are not involved.
“From an IT security point of view we’ve allowed the technology people to own the conversation and I don’t think that’s the right approach,” says Gibben. “It’s a business problem and needs to be dealt with by the business people, along with the technicians. If you’re potentially losing several percent of your profit margin on fraud in your transactions, it’s a real economic loss.”
Risk management approach
Dr Paul Twomey, managing director of Argo Pacific, a consulting firm specialising in the internet and digital economy, also advises that coping with cybercrime needs a risk management approach.
“It’s to test an organisation’s ability to respond as a whole, and is much more part of a risk management approach than for the IT side.”
John Paterson, CFO, Chartered Accountants ANZ said the CFO role needs to be more strategic, tech savvy and have a greater appreciation of risk.
“Strategy and risk go hand in hand, spending time considering risks can be useful to [help plot] the strategy.”
Auditors and accountants have an important role to play in safeguarding organisations. Stay up to date on cybercrime and gain exclusive insights from industry experts into the technical and technological issues affecting the accounting and audit industry.
Audit Conference Australia
Want to gain exclusive insights into significant issues affecting the audit industry in the digital era?Find out here
Accounting Conference Australia
Find out how industry experts explore the important role of digital innovation, big data and technological disruption in the accounting and finance industry.Event info here