The complexity and sophistication of technology is as much a boon for cyber attackers as it is for businesses.
While finance and other operational teams are being asked to understand and be vigilant of cyber risks, the cyber team is also being asked to understand business needs, says Julia Seppä, strategic client program manager for Risk Advisory in Deloitte Finland.
As finance functions look to update their systems with cloud-based software, this is encouraging more interaction with cyber security teams. Now, cyber and finance are collaborating on technology projects as organisations improve the efficiency of their finance processes and the security of their systems.
There is also pressure on cyber security teams to improve their communication skills to help break down some of the barriers that might have caused issues and clashes in the past. “It’s still technical, you have to know how to configure things,” says Seppä. “But there are also new team members that are more on the communication side. They are interpreters that translate really core technical information for the wider organisation.”
This is breaking people out of their departmental silos and encouraging more communication and understanding between teams. Closed-minded leaders will miss out on opportunities for improvement if they do not embrace and learn from their cyber security teams, says Seppä. “It will make your life much more interesting and exciting if you adopt a broader mindset and be a little bit more open.”
Improving cross-team communication goes better if leaders set a strong tone from the top, says Seppä. Sometimes it will take proactive people in the finance function to take the first step, but these are exceptional circumstances; it’s a cultural change and needs to be driven by the leadership.
“The CFO needs to make sure that there are those key programmes and projects with cross-functional teams. That might be the CFO inviting cyber to get involved with a finance transformation project, or requesting a representative from finance on a cyber/IT project team.”
The CFO ought to make sure that the finance representative is being recognised for working collaboratively, Seppä adds, and this works the other way around as well. If a member of the cyber team is working collaboratively with other businesses, they should be recognised for their efforts. This will encourage others to get involved.
“This is sometimes easier for smaller organisations than it is for larger ones, as they’re often less hierarchical. People get used to working across different disciplines. With larger ones, it will take a more concerted effort from leadership.”
CFOs should identify the individuals in their teams with a solid internal network of relationships as people to lead the way on increasing this collaboration culture, Seppä advises. “They can help clear the way to drive these projects forward along with other teams, including cyber security.”
Without opening up this collaboration and communication, organisations are making themselves more vulnerable to greater cyber risk. When people feel like cyber security gets in the way of doing their job, frustration will build, which can cause them to be demotivated, increasing the likelihood of error.
“If things stall and your team is not changing their ways of working or resisting technology updates, your ways of working are not very secure. You are more exposed to cyber attacks, whether they are targeted or non-targeted.”
Establishing connections can help to pave the way for better engagement with cyber security. “It just comes down to being human,” says Seppä. “If you can develop those connections, working with cyber teams will get easier.”
Read more: CFOs should take the lead
Cyber security awareness
Each year ICAEW marks global Cyber Security Awareness month with a series of resources addressing the latest issues and how to protect your business.