Taking Additional Steps to Protect Financial Information

Financial and accounting data are crucial to the survival of a company. Like source code or intellectual property, financial data can be the organization's crown jewels -- hence it is also a high-value target.

Despite the rising threat, a Deloitte survey indicates organizations lack appropriate defense against a rising tide of attacks targeting sensitive accounting and financial information, even as half of executives surveyed expect an increase in cyber incidents targeting financial data.

In addition, just a fifth of the 1,100 executives surveyed said there is close collaboration between finance and accounting teams and cybersecurity leaders within the organization.

Discord Between Departments Hampers Data Security

Timothy Morris, chief security adviser at Tanium, explains accounting and finance teams are business functions, while IT is often seen as a “necessary evil” and IT security teams are viewed as the “department of no”.

“In some organizations, the IT folks that run finance systems can be shadow IT,” he says. ”After all, the CFO typically signs the checks and may retain some autonomy from enterprise ITOps and InfoSec teams.”

He adds that in recent years, IT and security have been working to become enablers of business and not a friction point.

“However, finance and accounting systems do not change that often, so a lot of tech debt and legacy systems still exist, which are required for the company to run,” Morris says. “IT leaders must work with key business leaders, as well as any shadow IT team that may exist, to learn what assets need to be protected and what data needs to be protected.”

Classify, Locate, and Monitor Financial Data

From his perspective, it is essential to label or classify the criticality of financial assets and corresponding data.

“Know where and how it is transmitted and stored, including both data in motion and at rest,” he says.

Mike Heredia, vice president of EMEA and APAC regions at XM Cyber, agrees organizations must first understand exactly where within the enterprise critical and high value financial data is.

“This needs to be continuously monitored to detect suspicious activity causing risk,” he says. “More importantly, organizations must know exactly how the data can be compromised and reached by attackers and take proactive steps to prevent this from happening.”

He adds Infrequent penetration tests are insufficient, as the threat landscape and infrastructure are both too dynamic.

IT Security Leaders Must Raise Awareness

Joseph Harris, vice president of intelligence collection management at Intel 471, says financial organizations’ efforts to harden account ecosystems against attacks leads to innovations from malicious actors trying to hack networks.

“IT security leaders continue to work on education as a cornerstone of their security programs,” he says. “However effective technical controls are, there will always be a human element to factor in and criminals are very effective at exploiting people to achieve their aims.” He points out great security teams devote a portion of their time to increasing awareness of current methodologies used by attackers.

This helps to ensure a cohesive and joined up approach to mitigating harm bolstered by a layered approach resilient to adaptive attacks.

“Collaborating on security defenses and keeping a close watch on how attackers plan and then execute their attacks can provide a significant means of preventing harm,” Harris says. ”Bad guys share and collaborate regularly -- the same approach should be taken in defending systems to prevent harm.”

Heredia says cyber leaders also must have continuous visibility of how likely business critical data, such as financial data, might be to compromise.

“This needs to be included in board level cyber reporting, with relevant processes wrapped around this insight to take proactive preventative steps to remove risk,” he explains.

Promoting Cross-Team Collaboration

John Bambenek, principal threat hunter at Netenrich, says ultimately, cross-team collaboration begins key leaders sitting down and figuring out what the priorities are and setting direction for their people.

“Security leadership needs to describe in business terms the value they provide in ways that make sense to finance and accounting,” he says.

Generally speaking, accounting and finance tend to be highly regulated and process driven, so deviations from “the process” can be detected and investigated.

“As we collect more data, especially if it is normalized, we have an emerging opportunity for behavioral analytics to detect unauthorized access, movement, and manipulation of finance data,” Bambenek says.

Morris adds it's important to ensure financial apps and accounting software and vendors are part of vulnerability assessment.

“Ensure data at rest is encrypted and data in motion is going through secure channels,” he says. “Check security controls intended to protect the users, assets, and data are present, working, and effective.”

He also recommends performing adversarial consulting or emulation to learn how those systems look to an attacker or third-party.

Ultimately, failure to protect this data can be easily measured in fraud losses.

“Unfortunately, if the financial information is to end consumers, the business doesn’t face the loss, innocent parties who have no ability to protect themselves nor did anything wrong pay the price,” Bambenek says.

What to Read Next:

Cloud Adoption in Financial Services: Risks and Opportunities

6 Worthless Security Tactics That Won't Go Away

Security Top IT Investment Priority in 2023