CFO Studio Magazine with Dominic Caruso, CFO, Johnson & Johnson

EVENTS EXECUTIVE DINNER SERIES The Road to Cybersecurity THE HACKER THREAT IS A TOP CONCERN, BUT CFOS CAN PUT MEASURES IN PLACE TOPROTECTDATA K eeping an organization’s computer network safe from hackers used to be in the hands of the IT department, but as cyberterrorism becomes a bigger and bigger threat, more CFOs are shouldering a large part of the responsibility. According to Lynn Calhoun, CFO of BDO, USA, LLP, which provides assurance, tax, financial advisory, and consulting services: “This shift is due, quite simply, to the costs and risks involved in a cybersecurity breach.” While IT people certainly play a critical role in preventing and responding to such an attack, “the CFO—as well as others in the organization— is getting pulled into the discussion to balance costs, risk, and overall investment.” Mr. Calhoun spoke on “Digital and Info Risk: Threats, Cost, and Opportunities for World-Class Companies” at a World-Class Companies CFODinner, part of CFO Studio’s Executive Dinner Series, held recently at Morton’sThe Steakhouse in Chicago. CFOs from select Chicago-area companies attended the invitation-only dinner. Mr. Calhoun began the evening’s discussion with this eye-opening observation: “Nobody really knows where the next threat is coming from.” He continued, “The sheer number of people out there spending volumes and volumes of time trying to figure out ways to hack into your system is far greater than the time you’ll ever have available to get into position to respond to those threats or prevent them from happening.” He noted some of the typical, more common threats to cybersecurity, such as the ability to gain access to passwords, bank accounts, and credit card and social security numbers, but pointed out that today’s cyber terrorists are coming up with some unique and creative ways to solicit funds directly from an organization. “They have become quite adept at creating false emails that appear, on the surface, to be from someone of great authority in your company.” In most cases, the email is purportedly from the CEO, authorizing the CFO to make a payment to a particular entity with instructions to “get it done, and [you’ll] be filled in on all the details later.” Close inspection reveals such emails to be fakes, he said, but “they do look quite authentic to the untrained or very busy eye.” An Ounce of Prevention In an effort to stay a step ahead of the hackers, Mr. Calhoun said every organization must attempt to determine the source of real and perceived risk. “On a broad scale, you’ve got risk everywhere. But if you can narrow it BUSINESS DEVELOPMENT PARTNERS Q4 2016 WWW.CFOSTUDIO.COM 31 The comments made by these guests are their own and may not reflect the opinions and/or policies of their companies or of CFO Studio, and/or its promotional partners.