Cybersecurity risks continue to increase as companies expand their electronic footprint. Hackers are continuing to raise the sophistication of their methods, and the speed with which they can exploit newly-identified vulnerabilities in security architectures. These are not the teenage hackers of the past, trying to see what information they could access from a computer in their basement. Today’s hackers are highly credentialed and technically savvy individuals who attack companies for the purpose of stealing information that can be re-sold on the black market, or in the case of nation-states, are looking to gather intelligence from US companies for their own purposes.
We continue to see an increase in the risk profile of companies that seek faster and better ways to integrate their business model with their customers and their business partners. The more access they provide to these constituents, the higher the risk that they will incur a breach of their security environment. Companies also incur the risk that a security breach at a business partner can compromise their own organization’s security controls. Of course, there still are significant risks posed by internal threats in an organization, primarily from employees who have been granted authorized access to the environment. The access that these individuals have been granted can be compromised through phishing attacks or “social engineering.” Even worse, we see cases where disgruntled employees use their access to post embarrassing data on public sites. This was the case recently in the UK, where a disgruntled internal auditor posted private company information for all to see.
So, what are companies to do? Cybersecurity is an agenda item at most Board of Director meetings, and Boards are asking management teams to help them understand the risks present in their environment. Management also needs to respond to regulators, who are concerned that companies are not appropriately protecting their customers’ private data. Finally, management must also respond to the auditors, both internal and external, who must evaluate the cybersecurity risks that the organization faces as part of their audit procedures.
At FGMK, we have developed a strong focus on cybersecurity, and we stand ready to assist our clients in addressing their issues. We help companies across the spectrum, from developing strategies to address cybersecurity risks, to performing security assessments, through performing attack and penetration studies, where we attempt to gain access to the client’s system and assist them in identifying their vulnerabilities. We also assist our clients with regulatory compliance issues, and review their vendor relationships to assess the risks that business partners may pose to their business objectives. For a dialogue on our services, please contact Bill Harrington.
FGMK is a Chicago-based assurance, tax and advisory firm. For more than 40 years, FGMK has recommended strategies that give our clients a competitive edge. As a leader among the top Regional Accounting firms in the Midwest, FGMK is ranked one of the 10 largest accounting firms in Chicago by Crain’s Chicago Business and is amongst the 50 largest accounting firms nationally. Our clients include privately held businesses, global public companies, private equity firms and entrepreneurs. Our value proposition is to offer clients a hands-on operating model, with our most senior professionals actively involved in client service delivery.
Please visit our website for our complete list of services.