President Promises to Tackle Cybersecurity

Beyond the expected calls for tax fairness and middle-class relief, the President’s State of the Union address touched on a number of other significant topics.

While it wasn’t one of the points that garnered as much attention in the press, the SOTU address covered a range of actions to reduce cyber threats and data privacy risks.

In a Global Cybersecurity Status Report survey conducted just before the State of the Union address, ISACA (Information Systems Audit and Control Association) showed that close to half—46 percent—of respondents expect their organization to face a cyberattack in 2015. ISACA is an independent, nonprofit organization devoted to the furtherance of cybersecurity. The survey was conducted from Jan. 13 through 15, 2015, and is based on online polling of 3,439 members in 129 countries, including 1,211 members in the United States.

“ISACA supports increased discussion and activity to address escalating high-profile cyberattacks on organizations worldwide,” said Robert E. Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. “As Washington calls for action, we hope they take a clear and straightforward approach, working in close coordination with industry. Cybersecurity is everyone’s business, and creating a workforce trained to prevent and respond to today’s sophisticated attacks is a critical priority.”

Funding the defense of the financial organization is one of the challenges facing accountants, according to Stroud. “There has to be enough money in the budget to protect the organization,” he said. “Having the appropriate controls around financial information is vital.”

“There needs to be a plan of attack to counter the effects of loss of a data breach,” he said. “Sony, Home Depot, Target and JP Morgan are examples of this happening in 2014. They can involve credit card and other private information, as well as information about the financials of the organization itself.”

Accounting firms are especially vulnerable to being targeted, according to Stroud. “We found that mid-range accounting firms will be just as susceptible as anyone else,” he said. “It’s not just the large enterprises that people will go after. Any organization with intellectual property will potentially be a target.”

The survey results show that 76 percent agree or strongly agree with President Obama’s proposed federal law requiring companies to notify consumers of a data breach within 30 days. When asked about the obstacles to timely notification, respondents ranked company concern about corporate reputation first (55 percent), followed by adequate system design (15 percent), increased cost (13 percent) and insufficient staffing (10 percent).

At the moment, 48 of the 50 states have some sort of notification legislation regarding data breaches, noted Stroud. “However, there’s no consistency across the states.”

The ACCA (Association of Chartered Certified Accountants) USA likewise agreed with proposed measures to increase cybersecurity.

“President Obama’s proposal to strengthen cybersecurity and privacy measures is emblematic of the heightened fears many businesses and individuals harbor that their most sensitive information will be electronically pilfered,” according to a statement by the ACCA. “Unfortunately, as we have seen on a grand scale in recent months, criminal enterprises are identifying new ways to hack and steal data more quickly than technology is advancing.”

“The issue of cybersecurity is expansive, ever-changing, and extremely important,” said the ACCA. “We are encouraged by the President’s call for greater information sharing between the federal government and private companies, but urge the administration to ensure that appropriate controls are implemented to assure privacy of sensitive information.”

Eddie Schwartz, president of WhiteOps and chair of ISACA’s Cybersecurity Task Force, indicated that it is critical to begin to disrupt the cyber adversaries and their economic and political incentives. “This disruption requires a concerted effort, and the government either can play a modern and effective leadership role or be a passive bystander commenting on the state of affairs,” he said.
