Traditional siloed approaches to organizational structure are no longer tenable due to the increasing sophistication of cyber attacks and the complex web of regulatory requirements. This is especially the case when it comes to safeguarding business payments.
The key to fighting back is the creation of a unified front between security and finance teams.
As a financial services industry veteran, I know firsthand that payments have long been a prime target for cybercriminals. Today, these attacks are happening with greater frequency and wreaking more devastation than ever. According to the 2024 AFP Payments Fraud and Control Survey Report, 80% of businesses experienced attempted or actual payment fraud in 2023, and 41% suffered losses from fraud.
Stopping this bleeding begins with the realization that it’s no longer just about protecting your organization.
When considering cybersecurity measures, we must consider vendor partners. That’s because supply chain attacks are on the rise, and they are costly. Gartner estimates that 45% of organizations worldwide will experience software supply chain attacks by 2025, and Cybersecurity Ventures estimates that organizations will lose $60 billion because of these supply chain attacks by next year.
It’s not just these financial losses that should have businesses concerned. Attacks on business payments are eroding trust among suppliers and partners, disrupting operations, and resulting in regulatory fines and other consequences. Yet still security and finance teams in many organizations continue to operate in silos.
This disconnect is a luxury that businesses can no longer afford. In fact, it’s essential to protecting the organization’s bottom line.
Overcoming Departmental Gap Challenges
Bridging this gap is not without challenges. Security and finance teams often speak different languages, use different tools and have differing priorities.
Security teams prioritize protecting the organization's data, systems, and networks from cyber threats, while finance teams concentrate on business payments, financial performance, and regulatory compliance. These divergent priorities can lead to misaligned objectives and strategies.
Organizations must take proactive steps to overcome these challenges. One step is to create cross-functional teams that include members from both the security and finance departments. These teams can promote knowledge sharing and help build a culture of collaboration. They can also work on joint projects and initiatives, fostering a sense of shared responsibility for the organization’s overall security and financial health.
This push for cross-functional awareness is happening at the industry level. The National Association of State Boards of Accountancy (NASBA) and the American Institute of Certified Public Accountants (AICPA) launched the CPA Evolution initiative. This initiative is changing the licensure model to foster a better understanding of the technology landscape among new CPAs.
Another vital step is implementing integrated risk management frameworks that incorporate cybersecurity and financial risks. This holistic approach ensures that both teams are aligned in their risk assessment and mitigation strategies.
Offering cross-training programs that allow security professionals to learn about financial concepts and vice versa helps team members better understand their counterparts’ challenges and priorities.
Technology will also help facilitate this collaboration. Implementing an end-to-end business payment security platform enables data sharing and collaboration between security and finance teams while maintaining compliance with regulatory requirements. These tools can help break down silos and create a more unified approach to managing vulnerabilities in payment processes.
Perhaps most importantly, this shift towards collaboration must be championed from the top, specifically the CISO, which needs to prioritize and actively support the convergence of security and finance teams. This may involve allocating resources, adjusting organizational structures, and setting clear expectations for collaboration.
The Benefits of a Collaborative Approach
By fostering this collaboration, organizations can develop a comprehensive approach to business payment processes—one that allows teams to more effectively identify and mitigate threats internally and externally.
Using sophisticated AI-powered technology, security teams can help finance teams thwart external threats such as business email compromise (BEC), deepfake attacks, and executive impersonations. They can also help to identify internal threats such as duplicate payments and human errors that result in significant financial loss each year.
This collaboration should be supported by the development of organization-wide policies that provide technology and vendor engagement guidelines. For example, as security teams look to implement zero-trust frameworks, they will find many systems, especially within finance, are considered legacy and cannot support zero trust.
If organizations are committed to a zero-trust architecture, these legacy systems must be replaced. The finance team, especially those with cybersecurity knowledge, will be critical in evaluating new technology that meets their needs and the requirements of a zero-trust security framework.
Driven by the CISO and carried out by the security team, this initiative requires that the finance team work only with third-party vendors that adhere to zero-trust principles and meet the organization’s security standards. This effort mandates close collaboration and adherence to organization-wide security policies.
As a result, the CISO can more easily implement a comprehensive zero-trust framework across the organization and address the vulnerabilities caused by legacy systems and non-compliant third-party vendors, which we know are highly susceptible to attacks.
Collaboration is also vital to managing the regulatory landscape that has become increasingly complex. Today, stringent security requirements span both security and finance domains. By fostering collaboration, the two sides can navigate the regulatory maze more effectively and ensure compliance with regulations related to data protection, financial reporting, and risk management.
More Security and Compliance
Breaking down the silos between finance and security is no longer optional; it's a strategic imperative.
As we navigate the digital transformation and evolving threat landscape, the synergy between security and finance teams will become an increasingly critical factor in protecting ions can achieve a more secure and compliant operational environment in an increasingly complex and interconnected financial ecosystem.