Knowing the rules versus playing the game - the Treasurer’s role in cybercrime prevention

02 November 2018

“The rules are important, but the increasing innovation and motivation of attackers makes it imperative to adapt our approach to security – and play a different game”.

For me, this quote from Richard Horne, PwC’s Cyber Risk Partner, neatly surmises the challenges organisations face in managing cyber risk, examined in detail at our latest Treasury & Commodities client event - “Defending against cyber threats”.

Our clients got the chance to bring this play to life by going head to head against one another as attacker vs defender in our cyber security Game of Threats™ simulation.

Richard alongside Steve Batt, PwC Treasury & Commodities Technology Partner, then reflected on how, regardless of job title, everyone has a role to play in cultivating the right mindset to protect their organisations. Appropriate given our attendees comprised varied roles including CISO’s, Group Treasurers, Heads of Risk, Heads of Audit and Heads of IT. Here are some key things I took away from this brilliant session:

You can be the target without being the target

Cyber criminals might not target a system directly but instead look to corrupt a process by corrupting its inputs. For example, hackers target banks via their end users or alter trades made by automated trading systems by interfering with (or just delaying) market data they rely on. This brought to life for me the fact that cyber risk extends beyond your own business to that of your third parties - outsourcers, suppliers etc. The risk in this area is prevalent and growing.

Business processes need to be resilient

Organisations must make business and technology choices that reduce exposure and transform (and often simplify) operations to minimise opportunities for attackers. This goes beyond security controls to underlying business architecture and the understanding of the of critical processes e.g. more disparate banking/payment structures can mean a great exposure to attacks and fraud.

Cyber challenges aren’t static

As we evolve the way we handle, manage and store data, attackers increase their innovation meaning it’s imperative to adapt our approach to security – and play a different game. Take the shift in organisations data storage, moving to Cloud-based offerings. How do organisation secure data when you have little or no control of the systems on which that data is stored and processed?

In order to confront these risks organisations need to change the way they think, work and behave. In my view, for treasurers and commodity trading houses this means every individual must believe they have responsibility to protect their organisation through the way they do their job. Embedding a risk mindset.

For further insights on this topic please refer to Richard Horne’s latest publication - 'The Changing Face of Cyber Security'. Our teams have supported many clients in better equipping themselves to defend against and manage cyber risk. Please get in touch if you would like to discuss how we can help you protect your business.

Yvonne Welsh

Yvonne Welsh | Senior Manager, PwC United Kingdom
Profile | Email | +44 (0)7710 035 926

More articles by Yvonne Welsh

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated and will not appear until the author has approved them.