According to the firm EY Global, three out of four companies increased their investment in cybersecurity, nevertheless, preventive procedures still need to be included to avoid any attack.
Security against cyberattacks is one of the main responsibilities for any business, in particular for the treasury, since it is responsible for the financial management. The firm KPMG in its report New Cybersecurity Challenges in the Mexican Financial Sector recognizes that cyber security fraud represents a total cost of 450 thousand million dollars globally.
Nowadays cybersecurity is one of the most important challenges. As extortion, fraud or blackmail shift to the internet, companies have become more vulnerable.
The Global Security Information Survey conducted by EY Global enlists the top 10 risks for companies from which they highlight: phishing (stealing information through e-mail) with 22% of the cases, malware (malicious software that damages operative systems) with 20%, fraud with 10%, internal attacks with 5% and espionage with 2%.
The latter reflects the need to consider integrated models that connect the company’s process with their personnel and the technology to build defense lines. Companies are investing in cybersecurity, nevertheless, they must increase resources to apply strategic prevention.
Usually the company’s vulnerability is internal, explains EY Global in its report. According to the survey, basic measures have been taken but lack of auto evaluations in terms of security makes the ability to respond less visible against a cyberattack.
This issue is more common in small or medium companies; at least 6 out of 10 large companies have an intelligence program to provide security even though its not just about investing in security, but also about achieving internal process transformation that includes all the employees.
KPMG also indicates that security models must consider each company’s needs, for example, capturing new clients against new competitors, and the need to digitalize while being exposed to higher risks.
This way, to innovate in a preventive model will help companies consolidate trust with their clients and minimize the impact in their reputation in case an attack happens. The company must be capable of detecting and identifying new risks to respond and recover in less time.
KPMG recommends the following security practices to protect companies from cyberattacks:
- Above regulatory compliance: it is not just about complying with the regulation. The purpose is to create processes that can decrease exposure to risk, for example, constantly verifying security controls.
- Prevention: having a response plan against a cyberattack is a good start. Nevertheless, companies must search for systems that can avoid vulnerability. Simple rules such as avoiding external devices or e-mail security shields might be a solution.
- Monitor new methods: In order for the process to work, it is key to test it with the purpose of detecting vulnerable areas that might be object of attack.
- Third party verification: Make sure suppliers or clients apply the same or better security standards tan the company.
Cybercrime evolves constantly so having a financial plan that provides a prevention strategy is not easy. In HSBC defending companies against cyberattacks is our priority, this is why we have the latest technology in place to guarantee security for our clients in every transaction.