Knowing the rules versus playing the game - the Treasurer’s role in cybercrime prevention
November 02, 2018
“The rules are important, but the increasing innovation and motivation of attackers makes it imperative to adapt our approach to security – and play a different game”.
For me, this quote from Richard Horne, PwC’s Cyber Risk Partner, neatly summarises the challenges organisations face in managing cyber risk, examined in detail at our latest Treasury & Commodities client event - “Defending against cyber threats”.
Our clients got the chance to bring this play to life by going head to head against one another as attacker vs defender in our cyber security Game of Threats™ simulation.
Richard, alongside Steve Batt, PwC Treasury & Commodities Technology Partner, then reflected on how, regardless of job title, everyone has a role to play in cultivating the right mindset to protect their organisations. This was appropriate given that our attendees held varied roles, including CISOs, Group Treasurers, Heads of Risk, Heads of Audit and Heads of IT. Here are some key things I took away from this brilliant session:
You can be the target without being the target
Cyber criminals might not target a system directly but instead look to corrupt a process by corrupting its inputs. For example, hackers target banks via their end users or alter trades made by automated trading systems by interfering with (or just delaying) market data they rely on. This brought to life for me the fact that cyber risk extends beyond your own business to that of your third parties - outsourcers, suppliers etc. The risk in this area is prevalent and growing.
Business processes need to be resilient
Organisations must make business and technology choices that reduce exposure and transform (and often simplify) operations to minimise opportunities for attackers. This goes beyond security controls to the underlying business architecture and the understanding of critical processes, e.g. more disparate banking/payment structures can mean a greater exposure to attacks and fraud.
Cyber challenges aren’t static
As we evolve the way we handle, manage and store data, attackers increase their innovation, meaning it’s imperative to adapt our approach to security – and play a different game. Take the shift in organisations' data storage, moving to Cloud-based offerings. How do organisations secure data when they have little or no control of the systems on which that data is stored and processed?
In order to confront these risks, organisations need to change the way they think, work and behave. In my view, for treasurers and commodity trading houses this means every individual must believe they have responsibility to protect their organisation through the way they do their job: embedding a risk mindset.
For further insights on this topic please refer to Richard Horne’s latest publication - 'The Changing Face of Cyber Security'. Our teams have supported many clients in better equipping themselves to defend against and manage cyber risk. Please get in touch if you would like to discuss how we can help you protect your business.