7 Cybersecurity Questions Every Leader Should Ask After the Equifax Breach

In an article by Forbes magazine, Theresa Payton identifies the key questions leaders should be asking in the wake of the Equifax Breach. Payton was a former CIO for the White House and currently is the CEO of Fortalice Solutions, a cybersecurity and intelligence consulting firm that helps businesses and government organizations protect themselves from emerging threats.

Theresa Payton

Theresa Payton

These are the questions she believes to be most important:

  1. Are you effectively monitoring your company to understand its possible vulnerabilities? This could be through a third party to physically and digitally track your company’s assets using open-source intelligence.
  2. Have you geo-fenced (set in place a virtual geographic boundary) the company and travel for executives?
  3. Have you defined your most important firm assets and developed a process to regularly think about the risk connected with these assets?
  4. What is your plan to prevent your worst cyber nightmare and should something happen, mitigate it?
  5. How aggressive do you want to be with turning off data to protect it, despite some operational disruptions?
  6. When was the last time that you got all parties together to discuss the plan in place and documented list of roles and responsibilities?
  7. When is the last time that you ran an exercise to test how human behavior interacts with the security plan?

Fourth Consecutive Year for Increased Spending on Cybersecurity

According to a new survey by Chicago-based BDO USA (FY17 net revenue of $1.4 billion), more than three-quarters (79%) of public company directors report that their board is more involved with cybersecurity than it was 12 months ago, and a similar percentage (78%) say they have increased company investments during the past year to defend against cyber-attacks. The average budget expansion is 19%.

This is the fourth consecutive year that board members have reported increases in time and dollars invested in cybersecurity. Despite this positive progress, the survey also found that businesses continue to resist sharing information on cyber-attacks with entities outside of their company. Just one-quarter (25%) are sharing information gleaned from cyber-attacks with external entities – a practice that needs to become more prevalent for the safety of critical infrastructure and national security.

“The annual survey has documented the continued ascension of cybersecurity in corporate boardrooms, as directors are being briefed more often and are responding with increased budgets to address this critical area. This year’s study also indicates that boards are aware of the expanding threat of ransomware and most of their businesses are proactively addressing this risk,” says Gregory Garrett, leader of international cybersecurity. “The survey also reveals a significant vulnerability – the continued failure of companies to share information they have gathered from cyber-attacks. Sharing information gleaned from cyber-attacks is a key to defeating hackers, yet just one-quarter of directors say their company is sharing information externally. This behavior needs to change.”

Cyber-Risk
Almost one in five (18%) board members indicate that their company experienced a cyber-breach during the past two years, a percentage very similar to the previous two years (22%). A majority (61%) of corporate directors say their company has a cyber-breach/incident response plan in place, compared to 16% who do not have a plan.

Lack of Sharing on Cyber-Attacks
Sharing information gleaned from cyber-attacks is key to defeating hackers and the U.S. government has consistently communicated how businesses can contact relevant federal agencies about cyber incidents they experience. Unfortunately, when asked whether they share information they gather from cyber-attacks, only one-quarter (25%) of directors say they share the information externally.

Of those sharing information on their cyber-attacks, the vast majority (86%) share with government agencies (FBI, Department of Homeland Security) and close to half (47%) share with Information Sharing & Analysis Centers. Very few (8%) share with competitors.

SOC for Cybersecurity
Earlier this year, the AICPA introduced a Cybersecurity Risk Management Framework also known as “SOC for Cybersecurity” – that provides companies with a proactive approach for designing a risk management program and communicating about its effectiveness. When asked about this initiative, just 40% of directors are familiar with it.

For the full survey report go to 2017 BDO Cyber Governance Survey.

Deloitte Targeted by Cyberattack

New York-based Deloitte (FY16 net revenue of $17.5 billion) has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, according to the Guardian.

Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

According to the Guardian, the hackers had potential access to:

  • Usernames and passwords
  • IP addresses
  • Architectural diagrams for businesses
  • Health information
  • Email attachments with sensitive security and design details

The breach, which is believed to have been U.S.-focused, was considered so sensitive that only a few of Deloitte’s most senior partners and lawyers were informed.

Deloitte’s internal review into the incident is ongoing. The team investigating the hack is working out of the firm’s offices in Rosslyn, Va., where analysts have been reviewing potentially compromised documents for six months.

So far, six of Deloitte’s clients have been told their information was affected by the hack.

A Deloitte spokesman has stated:

In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.

 As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.

 We remain deeply committed to ensuring that our cybersecurity defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required. 

New ACCA Report: Ethical Behavior Should Be at Core of Business in Digital Age

The Association of Chartered Certified Accountants (ACCA) released a global survey, “Ethics and Trust in a Digital Age.” It raises questions about how prepared businesses are to face new ethical challenges, such as ransomware attacks, crypto-currency transactions, intellectual property disputes and customer privacy.

“Professional accountants are often on the front line of facing ethical questions in business,” says Maggie McGhee, director of professional insights at ACCA. “What is clear is that the digital age creates new dilemmas where there are no easy answers. If you’re working in a business considering whether to start accepting bitcoin payments, or implementing cloud-based customer records, these are crucial questions. In the digital age, there needs to be more – not less – importance placed on the ethical and professional judgment of individuals.

“What many are calling for is guidance and leadership on how to respond. All those involved in decision-making levels in business should be aware of how new technologies can affect their reputation and consider how to support their employees in doing the right thing.”

The report features a series of short case studies exploring the ethical questions raised for accountants and auditors by digital technology. It offers guidance through assessing the scenarios alongside the five fundamental principles for professional accountants established by the International Ethics Standards Board of Accountants.

The survey explores six digital themes:

  • Cybersecurity
  • Platform-based business models
  • Big Data and analytics
  • Crypto currencies and distributed ledgers
  • Automation, artificial intelligence and machine learning
  • Procurement of technology solutions

The survey found that while 77% noted that ethics was a “very important” skill in the digital age, about one in five respondents reported that they had personally felt pressure to compromise their ethical principles in the preceding year. These responses revealed that the most commonly compromised principle was that of integrity, being straightforward and honest in all professional and business relationships.

“The professional accountants of the future will need, in addition to technical capability, a rounded skill set that demonstrates key quotients for success in areas such as experience, intelligence, creativity, digital skills, emotional intelligence and vision. And at the heart of these lies the ethical quotient,” says ACCA’s Warner Johnston.

The survey found that in the United States:

  • 90% noted that strong ethical principles and behavior will become more important in the digital age.
  • 94% found that ethical behavior helps to build trust in the digital age.
  • 89% felt professional accountants act in the public interest.
  • 92% felt that professional accountants upholding their code contributes to organizations’ abilities to uphold ethics.
  • 99% felt that International Ethics Standards Board of Accountants principles still apply and remain relevant in the digital age.

EY Launches Tax Technology and Transformation

New York-based EY (FY16 gross revenue of $11.2 billion) announces the creation of tax technology and transformation, a group of tax technology and performance improvement professionals in member firms across the globe that helps organizations to redefine their tax functions and drive transformation.

Tax technology and transformation services will be provided to companies in response to the impact of existing and emerging technology; the growing data burden that many businesses face and understanding how to make data an asset; and driving efficiencies to create a cost-effective tax function. The underlying objective of the new services is to help businesses navigate the digital age of tax transparency alongside new trends in tax compliance and tax audit methods as well as helping to solve the most pressing challenges that businesses face. Tax technology and transformation services will be provided with the support of EYTax.Tech™, a customized suite of client-serving technology services.

Tax technology and transformation will be led by Shawn Smith, the newly appointed EY global tax technology and transformation leader. He has experience in a wide range of tax function services designed to improve the operating performance of corporate tax functions for financial services.

“The pace of change in tax legislation, and the accelerated use of technology by governments as they automate their compliance and filing processes, is disrupting the traditional tax function. The creation of tax technology and transformation recognizes the significant impact that emerging technologies such as AI, blockchain, robotic process automation and advanced robotics will have on global business, as well as on our own tax practice. Increasingly, businesses are looking to professional services organizations to help them overcome technology-driven business challenges,” says Smith.

“In this rapidly changing world, tax services increasingly require significant technology and transformation elements to achieve their objectives. Our investment in tax technology and transformation professionals will see rapid growth in careers for science, technology, engineering and mathematics graduates, who combine technology and tax domain knowledge to experiment and incubate new ideas, then leverage those ideas for the benefit of our clients and our organization,” says Jay Nibbe, EY Global Vice Chair – Tax.

MIT Technology Review’s 50 Smartest Companies

As part of its July/August 2017 issue, MIT Technology Review published its list of the “50 Smartest Companies.” The list, put together by the magazine’s editors, highlights companies that have displayed an efficient combination of technological leadership and business acumen over the past year. The businesses on the list are not necessarily the biggest or most quantitatively profitable, though companies such as Google and Facebook do make an appearance, but features those whose business models allow for technological innovation.

The list serves as the Review’s best guess as to which companies will be dominant in the future. This doesn’t guarantee that they will become supremely successful, but it does mean that they have the potential to create and dominate new markets in an increasingly competitive business environment, according to MIT Technology Review.

CEO Outlook Shows How Innovation Comes of Age

According to KPMG’s 2017 CEO Outlook, 57% of U.S.-based CEOs revealed they lack sufficient processes to sense disruption in their respective markets. From startups and new competitors to emerging technologies to shifts in political, regulatory and economic conditions, companies without methods of sensing disruption may find themselves at significant risk.

“It’s encouraging that 72% of executives said they are actively disrupting the sector in which they operate, but in order to be successful, they need processes and capabilities that allow them to separate relevant weak signals from market noise,” says Mike Nolan, vice chair of KPMG’s innovation and enterprise solutions. “With a broader view of potential disruption, companies can develop sound strategies and make smarter investments to achieve both short and long term goals.”

Just under half of U.S. business leaders (43%) are confident that America’s economy will grow over the next three years and 37% anticipate growth for their respective companies. However, almost all (95%) believe that the level of top line growth will be less than 5% over the next three years.

“To meet investor expectations, it becomes even more important for companies to innovate. The hard part is balancing how much investment is necessary to succeed; too much innovation can starve a company’s core strategy, while too little can erode competitive advantage,” says Nolan.

According to the study, 6o% view technological disruption as more of an opportunity than a threat. In response, CEOs are placing a significant investment emphasis on emerging technologies areas such as data and analytics (61%), and artificial intelligence (58%) over the next three years.

As a core component of many important decisions made by leaders, the emphasis of increased spending on data and analytics focuses on ensuring data integrity. Nearly half of leaders (48%) expressed concern about data quality. As a result, one-third of CEOs revealed an inability to base business decisions on their data until they invest in improving its quality.

What has improved among CEOs is their confidence in integrating cognitive technologies, such as artificial intelligence. This year, 61% of leaders expressed concern over implementing cognitive technology, compared to 85% last year. The rapid advancement of the technology, its ability to augment employee productivity and improve quality of work has lead businesses to warm up to leveraging these new technologies.

For companies unsure of how to invest in innovation, leaders have options. They can determine whether to build a product or service from the ground up, buy a company with the product, technology or business model needed to increase speed to market, or ally with a proven entity whose complementary capabilities can increase value.

“Leaders have to ask themselves, ‘Are we making these investments to address a short-term gain, such as a reaction to a recent move made by a competitor?’ Or should we make this investment because it will help drive our longer-term business transformation?'” says John Farrell, national MP, KPMG’s innovation and enterprise solutions.

At a time when experimentation is expected, leaders must find ways to transform their ideas into reality without overburdening operations. Companies of all sizes can learn from startups by forming a business case supported by small “seed” investments before launching a full-scale product or service that focuses on enhancing customer experience and market value.

“This approach helps companies gain real-time insights so they can evaluate whether their innovation efforts should be accelerated, reinvented, or discontinued,” says Nolan. “With naturally competing interests and priorities, leaders need the resolve to manage these decisions to effectively execute their vision for success.”

Instagram is Tipping Off India’s Taxman

According to an article in Bloomberg, India’s government will begin amassing virtual information collected not just from traditional sources like banks but also from social media sites like Instagram and Facebook, as it looks to match residents’ spending patterns with income declarations. Officials will be able to spot those who pay too little tax without raiding offices and homes as they currently do.

While India’s economy is among the fastest-growing in the world, there is a disconnect with its revenue. This not only bloats the budget deficit, but it also triggers anxiety about overzealous tax sleuths. To combat this, Project Insight, built over seven years at a cost of about $156 million, will complement the world’s largest biometric identity database and India’s tax overhaul, Bloomberg reported.

“Data analytics is the way forward for tax administrations across the world,” says Amit Maheshwari, MP at New Delhibased Ashok Maheshwary and Associates. “This will also put an end to harassment by tax officials as there will be no public interface. Perceived randomness in scrutiny will come to an end.”

The project has three major phases:

  1. All existing data, including credit card spends, property and stock investments, cash purchases and deposits, will be migrated to the new system and a central team will send postal or email blasts to prod residents to file tax declarations. There will not be any physical interaction.
  2. Data analytics will mine, clean and process the information. Individual spending profiles will be created and inquiries will be more targeted. This phase is planned on being rolled out by December.
  3. Advanced systems will be used to predict future defaults and flag risks (live around May 2018).

New Research Finds Dearth of Finance Professionals with Big Data Analysis Skills

Chief financial officers may not be able to maximize the potential value of Big Data for their organizations due to difficulties attracting and retaining the professionals with the requisite expertise, research suggests. According to a new report from global staffing firm Robert Half and Institute of Management Accountants, or IMA®, finance leaders face significant shortages of accounting and finance professionals who possess the technical and nontechnical skills required for data analytics initiatives.

The report, Building a Team to Capitalize on the Promise of Big Data, is based on a survey of nearly 500 finance executives and managers. Survey findings revealed that the most severe skill gaps include:

  • Identifying key data trends
  • Data mining and extraction
  • Operational analysis
  • Decision analysis
  • Process improvement
  • Strategic thinking and execution

“Many organizations are being hindered by an inability to find and retain accounting and finance professionals who can turn data analytics into actionable business intelligence,” says Paul McDonald, senior executive director at Robert Half. “To successfully build teams with the necessary skills, financial leaders need to establish a comprehensive recruiting process and professional development program.”

“Management must support efforts to retain financial professionals with data analytics skills through attractive compensation and benefits, training, a supportive corporate culture and an emphasis on work-life balance,” says Kip Krumwiede, director of research. “Of course, since the number of internal employees with these skills is limited, businesses must also encourage continuing education and ongoing training.”

In addition to developing talent from within, the survey found that 44% of businesses are focusing on building their teams’ analytics skills by hiring from outside the company, while 39% of respondents are working with external consultants. Financial leaders also need to remove self-inflicted obstacles commonly reported: a lack of competitive compensation and inadequate workforce planning.

“Finding accounting and finance professionals with in-demand skills is always difficult,” says McDonald, “but especially in a competitive hiring environment and when companies hamstring their own efforts through poor staffing strategies.”

Tech Solutions Company Urges Preventative Care to Combat Cybercrime

The hyper-connected and data-driven business landscape creates an attractive target for hackers to infiltrate. Connected devices, cloud computing, Big Data, mobile technologies and remote working practices are digital trends open to being exploited by hackers who are becoming smarter and more sophisticated.

“In the rapidly evolving business landscape, it’s not a matter of if a business will be targeted, but when. Business leaders need to be well versed in both the opportunities and threats of the new digital business landscape. Technology has changed our lives: We can access emails from our phone, we can work remotely on the cloud from home, all of which have been enabled by technology, which continues to pervade every aspect of our daily lives. Bearing this in mind, it makes it increasingly important for businesses to protect systems, networks and data from threats,” says Tony Trama, director of security solutions at Micro Strategies.

According to EY’s 19th Global Information Security Survey 2016-17, only 22% of 1,735 respondents, who are global executives, information security managers and IT leaders, fully consider information security in their strategy and planning.

But despite concerns around the frequency of attacks, many U.S. businesses are not taking measures to protect sensitive data such as personally identifiable information, intellectual property or trade secrets, leaving them compromised. According to EY’s survey, 89% fail to evaluate the financial impact of every data breach and 49% had no idea what financial damage it caused. Global ransomware damage costs are predicted to exceed $5 billion in 2017, which has significantly increased from $325 million in 2015. And looking even further into the future, overall cybercrime damage costs are estimated to hit $6 trillion annually by 2021 (statistics according to Cyber Security Ventures’ Ransomware Damage Report).

“Prevention is better than the cure, so business leaders need to ensure they optimize their security programs to manage risk rather than simply focusing on compliance. They need to realize there are no magic bullets when it comes to protecting against advanced threats, that they need to identify and protect their critical assets, and of course, that they’ll need to up their game when it comes to protecting cloud and mobile. Good governance and practices should be in place to detect and respond to issues in advance to minimize the reputational and financial impact of these incidents. Businesses and governments are still reeling from recently publicized attacks, proving that having a robust security program and an educated workforce are key to minimizing the threat surface,” says Trama.