In recent years we have seen an upward trend in the mid-market's intentions to invest in technology. This may not just be about productivity or staying ahead and keeping pace with changing markets. It may also be due to a more defensive aspect: that the investment seeks to acquire or improve the company's cybersecurity to mitigate the increasingly frequent and sophisticated digital risks.
The International Business Report began in 2024 to measure the perception of digital risks as a limitation. In the first quarter, 25% of Argentine mid-market business leaders surveyed said they were concerned about cybersecurity, while 45% announced their intention to invest in technology. In the same period, globally, 50% of leaders viewed digital risks with concern and 66% planned to invest in technology.
The International Monetary Fund points out that direct economic losses due to cyberattacks have quadrupled since 2017 and stand at USD 2.5 billioni. “This situation goes hand in hand with changes in the ways companies relate to their clients, suppliers, employees, etc., and it would be expected that they will increase in the future,” says Cristian Bertone, BRS – Financial Services Partner and IT Advisory leader at Grant Thornton Argentina. “The multiplication of digital channels, added to the lack of risk perception, the frictionless demands of the user and the speed of adoption of new technologies, put companies at a crossroads.”
Each successful attack not only has an economic impact but can also have legal and reputational consequences for the business. These attacks damage the company's image, the trust of clients, allies and stakeholders is lost, the business is exposed to public scrutiny and, depending on the nature of the incident, there may be regulatory repercussions detected by control bodies that lead to sanctions.
The extent of the damage will depend on the size of the data breach, how quickly and effectively the company was (or is perceived to have been) in stopping the attack, the number of parties affected, and the company's track record of previous incidents or protective measures.
Since the pandemic, cyber incidents have tripled and become more sophisticated. IT teams can no longer be solely responsible for preventing and containing threats. Organization leaders and their teams must understand the risks and find ways to avoid exposure to potential attacks.
In the third quarter of 2024, globally, 69% of mid-market companies plan to invest in information technology over the next 12 months. Of this percentage, 66% indicate that it will be in artificial intelligence (AI). “Given the context we are experiencing, it is important to keep an open mind and not refuse the innovation that these new tools can bring,” says Bertone.
Knowing them and monitoring their evolution is key to mitigating and preventing risks, while it can facilitate defences. For example, AI can make attacks more sophisticated while allowing control and analysis processes to be optimized. The World Economic Forum's Global Risks Report 2024ii indicates that the negative consequences of advances in AI and related technological capabilities entered the ranking of perceived risk severity in the long term (10 years), ranking 5th for both the public and private sectors.
“With our teams, we have been observing for some time the availability of software development tools that allow us to manage alarms, optimize codes, correct programming errors or translate from one code to another,” highlights Bertone. “The parameterization process of these tools is key, as is their subsequent testing, to ensure that the use of AI truly adds value and allows us to achieve the objectives that are in mind when making these investments in new tools.”
AI can also be used to develop a vulnerability management system that can take the company beyond. Grant Thornton Luxembourg, for example, developed an AI-based vulnerability management system with a diverse team of cybersecurity experts, IT engineers and business strategists. It not only flags vulnerabilities based on traditional risk metrics, but also aligns those risks with the company's business priorities, improving overall efficiency and strategic focus.
In Argentina, the Equipo de Respuesta ante Emergencias Informáticas Nacional (CERT.ar - National Computer Emergency Response Team) showed that in 2023 the finance sector was the biggest target of cyberattacks, accounting for 31% of the incidents recorded.
The Banco Central de la República Argentina (BCRA - Central Bank of Argentina) has been working towards Cyber Resilience for some time and has established a series of mandatory guidelines and requirements to deal with cyber incidents and limit risks.
“The BCRA Comm A7724 issued in 2023, for example, updated the mandatory requirements that financial entities in Argentina must implement for the management of information systems (IS) and information technologies (IT). It incorporated new controls and topics to consider, ensuring that all entities have effective practices for internal control and risk management of their IT/IS operating environment,” comments Fabián Bogado, Director of IT Advisory at Grant Thornton Argentina.
The BCRA has also established guidelines for response and recovery from cyber incidents (RRCI) that must be applied before, during and after the incident. “Although these are aimed at financial institutions, payment service providers that offer payment accounts and financial market infrastructures, they can be adopted by any institution or company since they are of a general nature,” Bertone points out.
Establish a governance framework to organize and manage cyber incident response and recovery activities. Define decision-making by assigning roles and responsibilities to internal and external participants.
“Effective management requires fostering a cybersecurity culture throughout the company, with everyone knowing their role and responsibility. It is necessary to establish metrics to assess the impact, measure the efficiency of RRCI activities and report,” Bertone stresses.
Preparedness to deal with incidents plays a significant role in the effectiveness of RRCI activities. Defining policies, plans and procedures to know when and how to act will allow an orderly and successful response. A strategy, channels and communication plans must be established for coordinated and appropriate action.
“It is not just the internal infrastructure that needs to be considered, but the planning should also consider service providers. To build resilience, it is also necessary to identify the risk in third parties and assess and adopt mitigation measures where appropriate,” says Bertone.
Determine the criticality and impact of the cyber incident and investigate the root cause through forensic analysis. Knowing the taxonomy for its classification according to the type of incident, its actors, its threat vectors and its impacts will allow determining the level of prioritization and the allocation of resources to mitigate the impact, restore services and recover.
“System and device audit records are necessary for a proper forensic investigation. Furthermore, the BCRA guidelines recommend having both internal and external sources of information for a quick evaluation of the threats and causes of a cyber incident,” highlights Bertone.
Contain, isolate and eradicate. Refers to actions aimed at preventing the situation from worsening and eliminating the consequences of incidents to minimize the impact on operations and services.
“According to the type of cyber incident, different containment measures will be deployed, which can range from disconnecting or isolating part of the systems or networks, or continuing to provide the service, depending on the criticality, possible consequences or impact,” says Bertone.
In the event of a cyber incident, the affected operations, services and data must be restored to their normal state in a secure manner. The BCRA recommends that restoration activities have automated, documented and tested procedures, thus reducing the risk of human error that may arise in manual restoration. Monitoring the restoration process and validating the integrity of the assets is a convenient practice.
“The data that was compromised in the incident may have undergone some type of manipulation, so its integrity must be guaranteed. It is good practice to periodically perform restoration tests to ensure the integrity, availability and readability of the recovered data,” says Bertone.
It is key to always maintain coordination and fluid communication. Defining the language, frequency and level of detail according to the recipient of the message and proper coordination between the parties will allow the objectives to be achieved. Escalating the incident according to the criticality framework and established procedures and acting according to the action plans will provide reasonable guarantees of a correct approach to the threat.
“Reporting the incident and exchanging technical information with the Authorities about the threat, strategies and actions taken will allow the creation of a more resilient ecosystem and the recognition of new methods, both of attack and defence, which will allow the company to be better prepared in the future,” Bertone highlights.
Post-incident analysis, drills and measures and protocol validation exercises will improve RRCI activities and capabilities, implementing changes where necessary. Valuable information can be obtained before and after the incident to improve response and recovery activities and cyber risk management practices.
“The company must have a spirit of continuous improvement that allows it to learn and want to go beyond in the management of cyber incidents. Recognizing failures and staying up to date with technological advances, trends and publications from regulatory and supervisory bodies will improve resilience and strengthen procedures during the incident, minimizing consequences,” says Bertone.
Adopting an integrated business approach and having senior management support and involvement in digital risk management offers several key benefits to organisations. Cybersecurity is no longer just a challenge for the IT team; creating a company-wide cybersecurity culture could prevent major damage, as according to Harvard Business Review, 80% of cyberattacks are due to human error.iii
The same is true when assessing and analysing digital risk: a holistic approach that includes all threats must be taken. Focusing on each of them separately is not effective and makes it difficult to protect and differentiate between threats and those that are not.
Having an ally like Grant Thornton helps you build a cybersecurity-first culture to accelerate secure growth, manage cyber risk, and respond quickly to evolving regulations. Sharing cybersecurity responsibility with experts strengthens alignment across the company and establishes cyber responsibility beyond the CISO.
-----------------
i. " Rising Cyber Threats Pose Serious Concerns for Financial Stability" - International Monetary Fund (FMI). Retrieved from imf.org.
ii. "The Global Risks Report 2024" - World Economic Forum. Retrieved from weforum.org.
iii. "Human Error Drives Most Cyber Incidents. Could AI Help?" - Harvard Business Review. Retrieved from hbr.org.
