LATEST THINKING
|
|
PROCUREMENT’S NEXT FRONTIER
AN INDUSTRY UNDER ATTACK
The increasingly digitized and connected world of commodities trading is experiencing concerted cyber attacks from criminals and hacktivists to intentionally cause financial and reputational damage to companies.
Managing an organization’s response to cybersecurity should be a priority for the entire enterprise and requires cross-organizational collaboration. Approaching cybersecurity with the same rigor and accountability as more traditional commercial and operational risks is crucial in minimizing the damage caused by security breaches.
CAUSES, COSTS AND
CONDITIONS
Recognizing factors that contribute to the problem—and understanding their enormous cost, is beneficial to battling the situation:
-
Data Underappreciation
Organizations suffering breaches have not fully appreciated data as the lifeblood of business. Compromised data may put human safety at risk, lead to competitive disadvantage, and pose significant legal and financial consequences. -
Multiple Failure Points
Organizations that suffer data breaches typically experience multiple process and procedure fails that can go undetected for days, weeks or months. -
Costly Data Breaches
Joint research conducted and developed by the Ponemon Institute and Accenture estimates that the cost of cybercrime is now 23% more than last year—costing companies US$11.7 million on average.
WHAT CAN BE DONE?
Effective cyber defense depends on taking these 12 basic steps. See if you can identify the approaches already employed within your company. If anything is missing, it might be time to reassess your strategy.
-
01
IDENTIFY
HIGH-VALUE
ASSETSThis involves identifying data that’s most critical to your business, subject to the most stringent regulatory penalties—and most important to your trading edge and differentiation in the market. -
02
HARDEN
HIGH-VALUE
ASSETSThis involves making a data breach as difficult and costly as possible for attackers to achieve their goals—while also limiting the damage they can do. -
03
CREATE
NETWORK
ENCLAVESCreating enclaves helps limit an attacker’s maneuverability if the perimeter of your company is breached on or off-premise—particularly through 3rd parties that you may do business with. -
05
SIMULATE
SCENARIOSRun catastrophic scenarios to help validate that you can detect adversaries and verify that you are prepared to respond. -
07
PATCH
YOUR
SYSTEMSA good threat intelligence program provides automatic notification when applications with high-value assets require a patch to avoid being exploited. -
08
LIMIT, MONITOR
& SEGMENT ACCESSUse two-factor authentication as much as possible and use role-based access to decide who’s allowed to see what data and what systems. This helps limit damage if any one user’s credentials are compromised. -
09
MONITOR
24/7Monitor continuously and vigilantly for unauthorized access and for undiscovered threats and suspicious user behavior. -
10
DEVELOP
THREAT
INTELLIGENCEPut a sustainable threat intelligence program together that collects and curates both strategic (human) and tactical (machine) threat intelligence. -
11
BUILD
A SECURITY
ECOSYSTEMSupplement in-house talent and skills with a diverse specialist support system that managed services organizations (MSOs) can provide. -
12
PREPARE
FOR THE
WORSTTransform your incident response plan into a crisis management plan that can be enacted quickly and effectively if a worst-case scenario materializes.
MEET THE AUTHOR
Richard Payne
Managing Director
Commodities Trading & Risk Management
Accenture
 |
CONNECT WITH US
Join the conversation on social and visit our homepage for industry insights and trends.
CHEMICALS
 |
 |
MINING & METALS
|
|