By Hitendra R. Patil and Jeffrey Lush
Businesses the world over rely on outsourced services, like accounting, to keep themselves ahead in the game, be profitable, efficient and to limit risk.
MORE ON ENTREPRENEURIAL STRATEGY: The Why, What and How of Cybersecurity for Accountants | Blockchain: What You Need to Know Now | The Rise of the Robot Accountant: Opportunity or Threat? | Certified Blockchain Accountant: From CPA to CBA
Exclusively for PRO Members. Log in here or upgrade to PRO today.
In “The Why, What and How of Cybersecurity for Accountants,” we covered the fundamentals to enable accountants get a quick understanding of cybersecurity to help explore the new opportunities that are emerging in the cybersecurity services segment. In this post, we’ll explain why it may not be really necessary for accounting firms to have specialist technology resources to foray into cybersecurity opportunities.
Today’s data breach headlines are becoming all too common. More than ever, organizations rely on external experts’ help for cybersecurity-related services. Often, cybersecurity-related advisory services have a heavy lean toward technical and operational expertise.
However, new cybersecurity automation tools are opening the doors for accounting firms to get into cybersecurity services as a growing revenue segment.
Why Accountants Are So Important in Cybersecurity Management
While this may be prima facie hard to understand, a closer look reveals that in cybersecurity management, the fundamental need is for expertise in audit, policy and rules administration, which is a proven competency and hence a great fit for accounting firms.
Furthermore, growing regulations such as GDPR and other data privacy laws carry growing financial repercussions for non-compliance. Earlier this year, even the SEC Commissioner Robert Jackson said this: “The most pressing issue in corporate governance today: the rising cyber threat. Cybercrime is an enterprise-level risk that will require an interdisciplinary approach.”
While most security operation centers that offer services understand firewalls, anti-malware, network access and intrusion detection, they often lack what accountants don’t – policy, audit and rules expertise. With the advent of new automation tools, many accounting firms can find cybersecurity services much easier to offer as a great addition to their current services engagements.
Not convinced? Let’s explore this a little more.
How Security Policy Automation Technology Can Help
There is no doubt that data security is a big, big issue. Scare tactics are no longer needed. Organizations realize the general significance of the threat. However, the biggest problem to running an adaptable, risk-informed and agile cybersecurity system is the lack of real-time connectivity from operational tools, (think firewalls, anti-malware, network access, intrusion detection) to the security policy controls themselves.
For too long, organizations have relied solely on network-driven, IT-centric dashboards and blinking lights without tying them to what “right” should look like, the policy controls themselves. While the operational technologies themselves are fantastic, they do not automatically express the impact on policy or regulatory requirements. They do not seamlessly give insight into business outcomes. Until now.
Organizations can now expedite by over 80 percent the gap analysis process for many regulatory and audit related requirements through the use of security policy compliance automation tools.
Advisory services can now deploy automation and repeatable, scalable mechanisms into the cybersecurity process, both for initial strategy implementation and for ongoing continuous monitoring of cybersecurity objectives health.
Traditional “check the box” compliance with today’s massive electronic data growth only achieves partial visibility into security health. The more technical controls we introduce – and they’re growing all the time – and the more devices and software tools we introduce into our environments, the more reliant we become on policy health automation tools. This transformation is a shift from traditional “check the box compliance” to “accountable compliance.”
We need a mechanism that ties our events to our controls. When we do that, we can visualize reality of control health based on our actual events. When services organizations follow this plan, they can quickly
- reduce financial risk,
- automate validation of control health,
- lower cost,
- gain real-time policy health visibility and
- establish an automated path toward remediation.
Clients who need it will find a provider. Why not you?
There’s no better time to explore services expansion into the cyberstrategy realm. There are cybersecurity policy health automation tools that are readily available now and their creators will be more than happy to help your firm comprehensively learn the exciting new landscape of cybersecurity. Many clients may be aware and worried about cybersecurity but may not realize they need professional cybersecurity services.
Clients who need it will (have to) find a provider. Why not you?