The cybersecurity landscape has become considerably more complex over the last decade. Between the rapid adoption of remote work and the proliferation of new tech tools, finance chiefs and their IT counterparts are grappling with an ever-changing set of potential vulnerabilities.
Hackers, whether working on their own or as part of wider criminal rings, have stepped up their attacks in an era of “deepfakes” and artificial intelligence-generated content. In just one example, in early 2024, an employee at a Hong Kong-based multinational was tricked by a deepfake video of the company’s CFO into transferring over $25 million to multiple external bank accounts.
Daniel Tobok, CEO of Miami-based cybersecurity firm Cypfer, noted that cyberattacks have been around for the better part of the last two decades. What’s changed, he said, is that hackers are finding ways to monetize their efforts and extract funds from victims.
“You can be in different places around the world, and as long as you have a strong connection and a laptop, you can get online and cause damage,” Tobok said in a Tuesday interview.
There’s been at least one legislative effort to stop deepfakes from wreaking financial havoc. In June, a bipartisan pair of senators introduced the Preventing Deep Fake Scams Act, which, if passed into law, would create a task force that would study “issues related to artificial intelligence in the financial services sector.”
The law, evidently, is still catching up to technology. In the meantime, Tobok offered a few tips for finance chiefs to stay ahead of cyber threats.
1. Finance leaders need to be involved in their companies’ cybersecurity efforts
When Tobok’s team is called in to help a client after a breach, they’ll typically ask him what they can do to ensure it doesn’t happen again. Tobok often replies with a question of his own: Who’s on your cyber committee?
If they don’t mention a senior-level finance employee, Tobok said, “that’s your first problem.”
As he sees it, finance leaders’ input and company knowledge are critical in cyber defense initiatives. Tobok estimates his firm investigates upwards of 2,500 cyber incidents a month, and about a quarter of them involve wire fraud. An organization’s finance department, he said, is often the chief target for hackers.
“Cybersecurity is not an IT problem,” Tobok said. “It’s an operational, legal and financial issue for any organization.”
2. “Data hygiene” is paramount in any automated workflow
As companies race to find ways to incorporate new forms of artificial intelligence into their workflows, they’ll need to be even more conscientious about protecting their data, Tobok said.
AI tools rely on piles of data, and if the datasets become compromised or corrupted, it can have compounding consequences. Tobok noted that attacks involving “data poisoning” — compromising a company’s own internal data — have been starting to increase. “Threat actors are going to the source,” he said.
To fend off potential attacks on data, Tobok urged scrupulous documentation of who is uploading, saving or using company data. Limiting the number of administrators who deal directly with data can be helpful, too, he said. “You’ve got to have a systemic way of ensuring nobody [outside your organization] has access to your data,” Tobok said.
3. Remote work has its own vulnerabilities, but there are workarounds
Your corner coffee shop might be a favored out-of-office spot for you or your employees to work, but Tobok noted that public Wi-Fi networks have their own vulnerabilities. He advised using a VPN if using public Wi-Fi. A firewall doesn’t hurt, either.
In fully remote or any work-from-home scenarios, company leaders need to ensure their employees’ laptops and home internet connections are protected. In some cases, “your security is only as good as someone’s home router,” Tobok said.
