It feels like every week there are fresh headlines about hackers bringing organisations to their knees, and such stories always seem to be front-page news. In 2002, following a wave of high-profile financial scandals driven by fraudulent accounting practices involving major US corporations including Enron, the heat was such that the government introduced the Sarbanes Oxley Act, or the SOX Act, in an attempt to restore investor confidence. Cyber-attacks have forced us to change the way we do business, and organisations must now take greater responsibility for cyber security and report cyber breaches. This is both an important and positive step because it enables government agencies to strengthen security and allows individuals to mitigate harm, but it’s only a good thing for your business if you’re prepared…
What Does Sarbanes Oxley, or SOX, Have To Do With Business In Europe?
The SOX Act introduced major changes to the regulation of corporate financial practices: publicly traded companies are required to disclose the material risks they face from cyber-attacks and enable investors to properly assess the magnitude of those risks. Of course, regulatory compliance has always been an important part of the costs of running a business, and most market sectors are subject to compliance regulations that can dictate how they conduct business. But SOX places the responsibility and accountability for the tracking of information relating to financial performance very clearly upon the shoulders of management teams; heavily too, with fines of up to £3 million and a potential 20-year prison sentence.
It’s not just across the pond. The SOX Act has also had a huge impact on European & UK businesses with US listings; 113 UK household company names are listed on the NYSE and NASDAQ, included in a total of 278 European businesses all facing ongoing compliance costs of tens of millions of pounds. There are still lots of companies scrabbling to play catch up and comply with the new regulations, often an expensive venture. In their panicked haste, many businesses have adopted a very problematic (if not now, certainly later) granular, bolt-on approach, testing and implementing hundreds, if not thousands, of measures and controls.
When Things Get Out Of Hand
Such an approach makes ongoing compliance a very time-consuming and complicated process, even more than it already is; indeed, the complexity and thoroughness required for compliance with SOX are particularly high, and compliance is turning out to be far more expensive, time-consuming and generally difficult than businesses originally forecast and budgeted for. It is predicted that between 10 and 20% of these UK companies will fail to fully comply in this first year and will have to admit potentially inexcusable weaknesses in their financial reporting processes.
You may not know by whom or when, but a cyber-attack will happen to you at some point. Your chances of being exposed to one are growing by the day and they are fast becoming one of the greatest risks of doing business. Hackers are getting smarter about security, and with the rapidly evolving technological environment, cyber security is becoming extremely difficult to manage. There are potential breaches everywhere and it’s impossible to plug every security hole; hackers can inconspicuously roam around in your systems for months before they strike or before you notice they’re even there, and by then, it’s too late. All of those stacked security measures don’t mean a thing when your privileged accounts have been attacked, your data compromised, and the fingers are pointing at you. And a cyber-attack is not the ideal time to discover that your company isn’t adhering to basic compliance regulations.
WALLIX and You
WALLIX has the answer. Our WALLIX AdminBastion (WAB) suite enables your business to fulfil a massive requirement of the act. It protects what hackers look for and stops them doing any real damage, reducing the potential financial, regulatory and reputational risks and aftermath of such an attack, and offering multi-layer protection all from a single platform. It lets you control, oversee, monitor and record administrator sessions across multiple systems, so you always know who’s looking at and doing what. It’s also more accurate, thorough, cost-efficient and faster than the alternative method of employing various, separate, outdated measures. It lets you:
- Ensure only authorised users are able to access powerful privileged accounts.
- Prevent users from being able to elevate privileges without authorisation.
- Establish strict accountability over the use of privileged accounts by tracking who accessed which accounts and what actions were taken.
- Improve forensic analysis and adhere to regulatory compliance by generating a detailed, tamper-proof audit trail of all privileged account activity.
- Rapidly detect and alert on all abnormal activity that could signal an inside attack, even one in progress.
Last year’s Global Risks report by the World Economic Forum (WEF) stated “90% of companies worldwide recognise that they are insufficiently prepared to protect themselves against [cyber-attacks].” WALLIX has extensive experience in helping organisations to improve their overall security and compliance posture while simultaneously reducing costs. The WAB suite helps to enforce SOX’s goal of being both flexible and specific to the needs of the organisation. You can monitor your systems in real time, and investigations, reports and alarm rules can be set up, allowing for immediate notification and analysis of anything impacting your crucial business functions.
The Bottom Line
So many businesses are still behind the times on the issue of cyber security and don’t understand that a cyber security strategy should be integrated with your overarching business strategy; you have increased responsibility now, and not a lot of room for manoeuvre, so the WAB suite could have an invaluable impact on your business. “Similar to financial and reputational risk, cyber security risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organisation’s ability to innovate and to gain and maintain customers,” says the NIST (National Institute for Improving Critical Infrastructure Security). Eliminating such hazardous risks not only protects you against the severe regulatory consequences of a cyber-attack, but also gives your company the confidence to grow, build relationships and make promises about trust and security that you know you can keep. You’re better safe than very, very sorry.