As software-related cyberattacks surge, CFOs take charge in fortifying defenses to safeguard against costly breaches and disruptions.
Amid the surge in cyber threats targeting software supply chains, financial officers and their departments are taking a more prominent role in understanding and mitigating these vulnerabilities. Reports of escalating attacks on software supply chains have underscored the critical need for CFOs to collaborate closely with IT and information security teams, actively participating in software selection and bolstering cybersecurity practices across their organizations.
According to the Atlantic Council, cyberattacks on software supply chains can permeate an organisation’s technology stack, compromising development tools, code signing, and firmware, often arising from exploited vulnerabilities in otherwise trusted software sources. These incidents, stemming from compromised updates or third-party systems, pose severe risks in today’s interconnected digital landscape.
Ruslan Yusufov, managing partner at MINDSMITH, emphasised the imperative for CFOs to engage proactively in understanding supply chain cyber risks. Citing the Ticketmaster UK data breach as an example, Yusufov highlighted the potential repercussions of supply chain vulnerabilities, urging CFOs not to underestimate these risks.
Symantec's research highlighted a staggering 78% increase in supply chain cyberattacks, with CrowdStrike's survey revealing that 66% of organisations experienced such incidents, inflicting an average financial cost of $1.1 million.
Todd Graber, CFO at SecurityScorecard, stressed the importance of collaboration between CFOs and chief information security officers (CISOs) in evaluating third-party security practices, especially concerning customer data access. Graber advocated for comprehensive risk assessments, internal protocols, and cybersecurity insurance to combat evolving threats like unauthorised cloud access and ransomware attacks via third-party connections.
Lisa Cranston, CFO at Protection Group International, emphasised the need to ensure suppliers’ cybersecurity measures align with organisational standards. She underscored the importance of evaluating suppliers' technical capabilities, incident response readiness, and adherence to essential cybersecurity standards like Cyber Essentials and ISO 27001.
Additionally, Cranston recommended strategic steps for CFOs, including secure data backups, careful supplier assessment, incident response protocol development, and a comprehensive understanding of asset value in worst-case scenarios.
Amidst these evolving threats, CFOs play a pivotal role in fortifying cybersecurity measures, leveraging risk assessments, strategic supplier evaluations, and comprehensive incident response planning to mitigate software supply chain risks and safeguard their organisations from potential cyber threats and disruptions.