Cyber concerns show no signs of cooling off, former Homeland Security chief says

By Neil Amato

The digital sun will never set, which means that digital threats to business and government will only grow in the future, the former secretary of the Department of Homeland Security said Friday.

Tom Ridge, speaking at the AICPA CFO Conference in Denver, said two permanent global threats are something the world will have to deal with “perhaps in perpetuity, but certainly for a long time”: the “scourge of terrorism” and the “digital forevermore.”

Ridge was a member of the U.S. House of Representatives, the governor of Pennsylvania, and the first secretary of the Department of Homeland Security. He now leads Ridge Global Solutions, which specializes in advancing security and economic interests of business and government.

Not long ago, Ridge said, organizations viewed cybersecurity as something that could be handled by the IT department. Budgets for cybersecurity prevention were scarce and inconsistent. Today, concerns about cybersecurity are enterprisewide.

“Now it’s a major business risk,” he said. “It’s now a C-suite problem.”

And the concern won’t fade as the world grows more connected. According to technology market research firm ABI Research, 40 billion devices are expected to be connected to the internet by 2020.

“The digital sun is never going to set,” Ridge said. “It’s going to get hotter in the years ahead.”

Organizations must be more collaborative when it comes to fighting cyberthreats. In consulting with several large, public companies, Ridge said he was surprised by the lack of communication between the IT department and operations regarding system security.

He also relayed a conversation with the representative of one public company after a recent, successful merger.

“I said, ‘I know you guys did due diligence on the financial side. Did you bring in a third party and do some digital due diligence?’

“He said, ‘No, we didn’t have to do that.’ ”

Ridge called on organizations to be better prepared for the inevitable attempt by outsiders to break into systems. He also said that fighting cyberattackers encompassed planned responses after a breach.

Among the ways Ridge said organizations could better handle cyberthreats:

  • Prioritizing the most sensitive or critical data, such as a company’s “crown jewels.”
  • Assessing system vulnerabilities.
  • Regularly training employees.
  • Having contractual agreements with vendors related to their level of digital security.
  • Limiting or monitoring vendor access to an organisation’s data.

Taking such steps can help organizations build a “culture of resilience,” Ridge said. He added that threats are coming from all over the world, and he hoped that international cooperation could result in better monitoring but also more consistent punishment of cyberattackers.

Neil Amato ( namato@aicpa.org ) is a JofA senior editor.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

COLUMN

Deflecting clients’ requests for defense and indemnity

Client requests for defense and indemnity by the CPA firm are on the rise. Requests for such clauses are unnecessary and unfair, and, in some cases, are unenforceable.