There is a distinct overlap between the rapidly developing cyber security landscape and much -needed resources within varying company departments.
However, it’s a little complicated.
Traditional ‘high-security risk’ departments are evolving and so are the lower-risk ones. The major areas to re-evaluate are the who and how in access to personal data, top-down power over employees, users of tech communication as part of everyday business, communicators with banks and financial decision-makers.
Departments that have been huge affected by cyber security risks are HR and Finance.
Human Resources in a traditional sense is not seen as a security threat as they don’t handle company funds, have scant purchasing power and are restricted in access to major customers or suppliers.
Fast-forward to the modern cyber landscape and there are multiple reasons for focusing cyber security efforts in Human resources, leaving aside the upcoming California regulations that will likely, have a ripple effect across the USA.
- HR controls access to highly-sensitive employee data.
With all that personal data including dates of birth, medical issues, salary information contact details, work/education history, we are looking at highly usable and hackable data.
- HR regularly makes instructional contact with all employees but it isn’t highly interactive with staff.
This makes them a target for cyber impostors to impersonate and gain access to various private information.
- HR applications and cloud services are becoming standard operating procedure across companies
Eyebrows are being raised over the potential errors in adequately safeguarding employee relations, staff safety, labor law compliance and training materials.
The company’s finance department is a key target as it is both: the final stage before funds leave the organization and a storage house of sensitive company information, licenses, tax details.
Quite often, in cases of cyber-fraud, assets have left the company prior to attack detection. This in large, is a consequence to having access to data that is highly sensitive, and unlikely to be encrypted.
There is a high level of trust with incoming emails, which may or may not have to go through a quarantine process before they arrive and with such a high level of work being performed remotely, its easy to see vulnerabilities exploding in the Finance department.
This could be actioned through fake emails and hackers gaining control of endpoints security controls. Hackers could give convincing looking authorization, deep in highly secure and closed-door environments.
Remember the attack of the Union Bank of India, where attackers attempted to steal $171 million? The experts said that the malware was clearer part of a wider and adaptive campaign set to work across different banks and that the hackers clearly possessed ‘sophisticated knowledge operational controls in the bank”. Basically, once the hackers know the operating systems within the Finance department, the lock to the vault was opened.
Department Deep Dive
A new, pragmatic approach to departmental vulnerabilities needs to be performed throughout every organization, as soon as possible. Companies must learn to mitigate the risks of each department with the changing cyber risks.