Businesses use various techniques to prioritize sources and types of data. But there are some trophies that are common to almost every organization. Perhaps the most important is data considered private by major stakeholders.
Such data can include personal information about your customers and employees, as well as financial information about your business partners.
Other core assets include financial information and other back-office data, such as human resources and payroll data.
Now let’s take a look at specific trophies in select industries.
In this industry, assets that set your company apart and make you a leader in certain markets should be closely guarded. These can include formulas, patents and specialized manufacturing techniques.
To protect these, CFOs should make certain that they gain the attention of the rest of the senior leadership team and key business stakeholders.
Industries are not always cyber-attacked equally. Those with financial assets (banks) or critical infrastructure (telcos) experience more than their fair share of incidents. This makes it important for CFOs in consumer products, which may be less of a target than, banks or telcos, to make sure their companies do not become complacent.
The CFO must stress the importance of an overall incident management framework that guards against hesitation and inaction in the event of a serious event. Without a clear plan, a poor response (or lack of a response) may cause long-lasting damage to a company’s brand and relations with consumers.
Oil and Gas
Compared to an industry like consumer products, oil and gas assets can become much more complex to protect. Those assets can be widely distributed around the globe, making them challenging to safeguard.
Among the trophies in this industry are information about exploration, and industrial control systems in general. An oil and gas company’s hard assets – what is called operational technology – can be especially vulnerable to cyber-criminals and hackers. These can include pipelines, ships and even individual gas stations.
To protect these, CFOs should be sure that they spend correctly. Everyone wants to increase operational flexibility and address the “real” cyber threats. But an old truth related to automation also applies to cybersecurity: the cost to eliminate the first 80 percent of process threats is the same cost as to eliminate the remaining 20 percent.
CFOs should focus on the security processes and technology that achieve 80 percent of their companies’ desired states. Focus on identifying and protecting critical assets, both digital and physical. Establish continual data monitoring and explore alternatives to disruptive technology, including mobile and cloud, where incidents are likely to occur next.
While higher education may seem less attractive to cybercriminals, colleges and universities are actually among the top targets of cybercrime, which originates from both inside and outside an institution.
Trophies in these institutions often include research data and medical and patient information at hospitals connected to universities. Information technology is also vital to protect the personal data of all constituents, e.g., students, faculty, staff and even alumni information, in fundraising databases. Operational technology includes campus buildings, notably residence halls and libraries. CFOs must ensure that access controls are robust.
To protect these assets, CFOs should create a vision for both preventing from and responding to incidents. Implementing programs proactively will ensure that you stay ahead of the curve.
Because higher education uniquely experiences great numbers of joiners and leavers (e.g., those who enroll in a class for two semesters and then drop out), this by definition creates the potential for cybertheft originating from inside the institution.
CFOs should focus hard on the protection mechanisms for their data. To protect their assets, they should invest in solutions to guard against unauthorized and inappropriate access to applications and information.
Tom McGrath is Americas senior vice chair of accounts and Terry Jost is a principal at Ernst & Young LLP.