Downtown Manhattan was the scene of a hacker’s nightmare today – seasoned security experts providing insight into how America’s firms, government agencies and even average citizens can shore up their defenses against cybercrime.
“Barely a day goes by where we don’t learn of Fortune 500 company or government agency that has had some kind of cyber break-in,” said Dr. Jonathan Hill, Interim Dean at Pace University’s Seidenberg School of Computer Science and Information Systems.
On Thursday, Dr. Hill unveiled a new report assessing how top-level managers in the finance and accounting industries are adjusting to a worsening global cybercrime landscape. The findings were issued at Pace’s third annual cybercrime summit with ACCA USA, the U.S. arm of the Association of Chartered Certified Accountants.
“This survey generated data that is reflective of a profession that is adapting to a serious external attack on its processes and systems,” said Warner Johnston, Head of ACCA USA. “The responses and needs of the main stakeholder groups – the financial profession, the IT profession and concerned government regulatory and law enforcement bodies – are evolving in response to progressing, ever more sophisticated threats.”
In the survey, ACCA members were asked about company policies and personal practices regarding cybersecurity, as well as how evidence of cyberattacks were communicated within firms. The survey detected troubling patterns that exposed weaknesses in communication and preparation, despite increasing reports of cybersecurity breaches across the globe and deep into U.S. federal agencies.
Nearly 50% of ACCA members surveyed indicated that their firms likely would hire consultants after a breach occurred, and while about two thirds were aware of their companies’ cyber risk management policies and procedures, one third had no knowledge of their internal policies on data encryption in transit or in storage.
Additionally, 57% felt their IT systems were well-protected against cyberthreats, though over two years the percent of those worried about cybercrime rose, to 58% among auditors and 48% among accountants, from a year ago.
ACCA, which was founded in 1904, is the global body for professional accountants, with 170,000 members and 436,000 students in 180 countries. Its third annual cyber summit drew nearly 150 business and law enforcement professionals, academics, students, and members of the public to discuss data breaches, hacking attacks, cloud-based security measures, and state-of-the-art risk management measures.
“I’d like to thank the Association of Chartered Certified Accountants for co-sponsoring this Symposium and working with us to raise the visibility of this very important issue,” said Stephen J. Friedman, President of Pace University. “We don’t discuss it enough – and the uncertainty and lack of confidence that secrecy engenders transforms the impact of crime into a form of terror. A lack of public discussion is highly unwise; it impedes our ability to protect ourselves and diminishes our confidence in our leaders.”
The event featured a panel moderated by Time Warner Cable New York 1 News Anchor Annika Pergament, who grilled experts on the flaws inherent in corporate thinking about combatting cybercrimes.
“There is no golden gem, and the more you get involved in cybertech you realize that it’s not the technology that’s going to save us,” said Col. Timothy Lunderman, National Guard Bureau Advisor to the Commander of U.S. Cyber Command USCYBERCOM and National Guard Bureau Cyber Division Lead. “It’s people, processes, and technology.”
Added Lt. Col (retired) David Halla, Director of Operations for the Electricity, Information Sharing and Analysis Center (ISAC), “The bottom line is are we vulnerable? Yes, we are all vulnerable.”
“It’s not necessarily if you’re going to be attacked or if you’re going to have a cyber incident, it’s when,” said Emily Mossburg, Principal, Cyber Risk Services – Resilient practice leader, Deloitte Advisory.
Ms. Mossburg stressed the need for entities to conduct cyber simulations proactively to improve their practices.
“It means having the details and processes and plans in place that talk about what’s going to happen, who’s going to be responsible,” she said.
The report can be found here.
-by Jeff Simmons