Technology illustrates rapid pace advancement with corresponding costs and security vulnerabilities. Therefore, detecting and preventing financial fraud has become increasingly challenging with growing threats to cybersecurity. Business leaders’ focus on their IT infrastructure and their choice of technology and applications affects the security of employees and consumers alike.
Organizations are becoming increasingly vulnerable to cybersecurity threats. Organically growing complex, non-standardized, decentralized and fragmented internal IT organizations can lead to fraud vulnerability, poor performance, extra work delays, unnecessary cost and financial loss.
Immature practices limiting data and information sharing and complex network architecture also allow vulnerability. An additional risk exists in limited technology project monitoring. If no standardized risk assessment methodology is in place, it makes it difficult to prioritize investment and can lead to large failed projects with fraud and cybersecurity exposure.
"Hosting applications in a Cloud environment can result in greater availability, mitigation of fraud exposure from hacking, better audit controls and monitoring, and substantial savings"
The role of the CFO has changed from being the keeper of accounting records to the driver of business change with data and financial information. The CFO should be prepared to be a trusted advisor and partner to the CEO in the development of strategic plans and to drive innovation throughout the organization all while controlling costs. But to truly be effective, it is impossible to ignore the data and fraud risks related to cybersecurity as part of the role. Driving the importance of a modern IT infrastructure and advising how transforming your IT organization will enhance security, mitigate fraud exposure and provide savings and efficiencies is critical to your business’ success.
The technology I foresee as having the greatest impact on these risks is the migration from on-premises IT infrastructure to the cloud. This will not only provide the opportunity to reduce operating costs but will also reduce the reliance on overbearing and antiquated support models. Application modernization and Cloud strategies involve migrating key applications from physical servers to a Cloud environment. Hosting applications in a Cloud environment can result in greater availability, mitigation of fraud exposure from hacking, better audit controls and monitoring, and substantial savings.
The move to Cloud-based technology includes serverless architecture, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) solutions. This technology is forcing changes in the way we work. Gartner projects, it is expected that by 2021, more than half of global enterprises already using Cloud technologies today will operate entirely on Cloud.
Therefore, modernizing your infrastructure by transitioning to cloud services, which are more secure and cost-effective than on-premise hosting should be incorporated as a key IT and business goal. Understanding your server base and taking mitigating actions is a good first step This infrastructure overhaul includes decommissioning dormant servers, consolidating underutilized servers, and using the remaining in the most efficient way possible.
A reduction in the portfolio of servers that are a target for fraud yields immediate reduction in the vulnerability and risk of fraud. There are constant, daily threats to your data from people attempting to access your systems or execute transactions that they shouldn’t and a smaller base of computing resources is much easier to defend.
You can also provide much better technology services critical to your organization if you have fewer things to manage. An example of this is the patching of servers: security patching, and functionality patching. A patch is required when the creator or manufacturer of hardware or software must fix a bug or defect including security vulnerabilities that can be exploited to perpetuate fraud. With expanded resource capacity these patches can be applied expeditiously.
Simplicity and reduction in complexity also enhance basic monitoring of those servers, either for performance or for security, because you have fewer things to perform those activities on. Security Advisor Roger A. Grimes notes that 80 percent of security breaches are related to vulnerabilities that had patches available from the manufacturer when the vulnerability was publically known. Things go unpatched because organizations have too many things to manage, so by reducing the number of servers you can have consistent patch management and consistent security and performance monitoring.
This process of looking at your computing resources extends beyond virtual and physical servers. It can also apply to databases, storage arrays and software applications. You can secure your endpoints by buying and standardizing desktop hardware, support and software. Utilizing productive, modern, secure and responsive tools for end-users and implementing modern protocols such as multi-factor authentication or two-step verification reduces the risk of fraud.
Another important aspect of security is knowing what assets you have. The Center for Internet Security publishes security protocols to help reduce cyber attacks. The first two items on that list are related to asset management, knowing all the hardware assets and all the software assets that you have. So, in addition to decommissioning and consolidating servers, you also want to make sure you have a good inventory baseline and that there is a business model in place that supports a continuous inventory of everything that is being added to or taken off the computer networks.
Implementing a focus on vulnerability management in your organization is imperative including scanning for vulnerabilities and penetration testing. Incident detection and response is critical for remediation of a compromised system.
Migration to the Cloud will allow IT staff to focus on core applications rather than supporting multiple layers of infrastructure such as generators, cooling and data racks. This translates to more uptime and better patching, monitoring, and servicing of the computing environment resulting in faster system response times, more reliable service, and immediate failover in the event of an outage to ensure no impact on the end users.
As more and more applications are migrated to the Cloud, the workload will not increase; it may change and require companies to invest in training for employees to learn necessary Cloud-based and security technology skills. Finance leaders focusing on IT will achieve a resulting employee base with leading-edge and in-demand skills along with a secure fraud-free environment for today and the future.