Advice for Mitigating Cybersecurity Threats

Published November 21, 2017

Finance leaders’ involvement in cybersecurity is growing. Responses to cyberattacks include increased spending, according to a global survey.
 
Nearly three-fourths of company finance leaders have become more involved in cybersecurity in the wake of increases in phishing scams and credit card and database breaches, according to a new global survey.

Forty-nine per cent of respondents said their business had fallen victim to a cyberattack in the past two years. Sensitive information, reputation, and business operations were viewed as most at-risk, according to a survey of more than 700 finance leaders from the Association of International Certified Professional Accountants.

Companies are responding by advancing initiatives such as employee awareness of phishing, cybersecurity, and fraud prevention spending, and toughening policies regarding third-party vendors to secure their vulnerabilities. Some businesses are increasing liability insurance to plan for disruptions, and others are adding positions that address cybersecurity threats, the survey said.

Finance executives and cybersecurity experts shared several tips to mitigate threats and breaches:

Combat phishing attacks with email filters, fine-grain employee training, and approved communications by authorised employees:

Micro 100 Tool Corp. in Meridian, Idaho, is working to fine-tune email filters to stop potentially malicious messages, including phishing attacks, said Mick Armstrong, CPA, CGMA, Micro 100’s CFO.

First Century Bank, which has seven branches in Tennessee, sends phishing emails to employees to see if they will click the links, said Andy Bonner, CPA, CGMA, the bank’s CFO. The approach raises awareness amongst staff that they must closely read emails. “We’re showing them how to hover over links to see if the email is fake, and who sent it,” Bonner said.

Phishing falls under social engineering (con games, deception, trickery); anything used for communication, even Twitter and Facebook, could be a conduit of social engineering and phishing, said Morey Haber, vice president of technology at cybersecurity firm BeyondTrust.

“Mitigating phishing comes down to policies, procedures, and education. There should be authorised channels for communication, and authorised people to make those communications,” Haber said. For example, policies can dictate that an employee who receives a suspect email must validate it with a phone call to the sender, or alert the help desk.

Prepare for ransomware attacks using threat intelligence, network-monitoring software, firewalls, and incremental backups:

At Micro 100, if network-monitoring software sees encryption activity that indicates a ransomware attack, new firewall software isolates it, and Micro 100 rolls back to a clean version of its data, said Armstrong. “We will shut everything down and just do a reboot from our database to just 15 minutes earlier so that we aren’t trying to replicate data,” he said.

Cybersecurity reports from several sources, including Verizon and cybersecurity company Carbon Black, have found dramatic increases in the occurrence of ransomware attacks and the availability of ransomware software. “Organisational personnel need to maintain awareness of changes in the threat landscape by monitoring public and industry sources of information, and have the flexibility to modify their security program to address these threats,” said Jeff Sanchez, managing director, Data Security & Privacy Practice, at the consulting firm Protiviti.

Consider layered defences and fast cancellation and local replacement of credit cards for credit card breaches:

First Century Bank acts on credit card breaches immediately, Bonner said. “We’re physically cancelling the customer’s credit cards and calling them, telling them to come in,” he said. “It’s not uncommon for us to print 25 to 50 cards a week to replace cards from breaches.”

Large amounts of credit card information need additional layers of protection including vulnerability management, privileged access, log file management, and security information and event management (SIEM), Haber said. Mitigating vulnerabilities, limiting administrative access, managing system logs, and performing real-time analysis of security alerts provide these additional protection layers. The key to mitigating breaches is not to consider each of these security disciplines separately, but rather as an integrated security defence that shares information.

“When you link solutions such as log file management and SIEM to existing solutions like data-leak/data-loss prevention (DLP), you can quickly detect credit card data in transit,” Haber said.

Penetrate your database and use access controls, session monitoring, and network zones to protect it:

First Century Bank uses consultants to download software to break into its databases, said Bonner. The industry calls this penetration testing, which companies use to find vulnerabilities that attackers could use to gain access.

Always connect to databases using strict access-control lists, which limit access to identified users and networks, Haber said.

When you access the database, monitor the network traffic you exchange during the connection, use a proxy server to secure the connection, and connect only inside isolated network zones, which you separate from the rest of the network for security, Haber said.
(Source:  AICPA - CPA Letter Daily - CGMA Magazine - October 30, 2017)