Colonial hack a wake-up call to CFOs with legacy systems


What is a cyber attack? Recent examples show disturbing trends | CSO Online

CFOs whose finance and accounting functions are built on legacy computer systems got a stark reminder last week from the Colonial pipeline hacking of what’s at stake if their system is breached.

The hack to Colonial’s system led to widespread gas shortages throughout the East and reportedly forced the company to pay $5 million in ransomware to get the instructions for reclaiming its data. 

“For finance departments, the cybersecurity risk is huge,” Samir Jaipati, a finance solutions leader with EY Americas, told CFO Dive in an email. “Something built on outdated technology won’t be able to keep hackers out.” 

Security specialists generally agree legacy, on-premises systems starting from about 10 years ago typically have solid cybersecurity features built in, but those that are older might require significant upgrades if they’re going to stand a chance against today’s sophisticated hackers.

The risk for CFOs who must manage their processes on an outdated system is they’ll try to get by with short-term fixes that won’t solve the systemic problems they face. 

“These temporary fixes aren’t as dependable and in the long-term may cost more,” said Kaipati.

Best effort

For CFOs who don’t have the time or budget to implement the system overhaul they need or to transfer their processes to a more secure on-premises system or to a cloud-based system, the best step is to do a comprehensive review of their end-to-end finance processes to audit for consistency and reliability, said Steve Adams, Gartner finance director. 

He suggested reviewing the organization’s record-to-report process from start to finish to understand where non-secure platforms are used, whether there are audit trails that don’t exist, and if exogenous data is incorporated. By eliminating these and other red flags, CFOs can go a significant way to clean up their processes and reduce risk without making system changes, Adams said. 

CFOs taking this approach should first engage their IT business partner and ask for a full audit of the cybersecurity capabilities of the suite of financial applications and to use that review as a starting point to making improvements, he said. 

Wider integration

Legacy systems pose a broader problem than just security risk; they can impede company growth because CFOs aren’t generating the data or producing the analytics that can help them identify ways to make more money or reduce costs in the same way they can get from sophisticated cloud-based solutions. 

Nor can legacy systems be expected to be as good at integrating data throughout the organization in the same way as cloud systems.

For CFOs who can do it, switching from an old on-premises system to the cloud can be a game-changer, said Manish Sharma, an Accenture operations group executive.

“CFOs that are agile and able to overcome these restrictions by scaling digital and cloud-powered technologies have been able to break down data silos and siloed ways of working to support the ever-evolving business strategy with speed and flexibility,” he said. 

The importance of using up-to-date IT was emphasized in a recent Accenture report that found “future-ready” leaders are emerging ahead of the pack with higher efficiency and profitability by scaling digital capabilities in ways to improve operational maturity.

“These leaders use better, more diverse data to inform decision-making as part of a cloud-powered continuous feedback loop,” said Sharma.

Flexible categorization

Another benefit of moving to the cloud or a hybrid cloud-on-premises arrangement is cost flexibility. 

On average, the cost of managing an outdated IT system can cost a business around $3.61 per line of code or over $1 million for an application with 300,000 lines of code, said Kevin Shuler, owner and CEO of the Quandary Consulting Group, a Denver-based IT firm. 

“It accounts for customizations, maintenance, reporting, server and hardware, etc.,” he said. 

While replacing the old with the new might appear to be prohibitively expensive at first glance, Shuler noted what can put a CFO more at ease is the costs are more transparent than maintaining a legacy system.

“Better, they can be categorized as either an operating expense or a capital expense since a lot of software is classified as a service rather than software,” he said. 

This gives flexibility to the CFO’s finances and forecasting. It also means more resources can be available for modernized systems. 

“That means you can get superior resources at a lower cost than trying to pull from a pool of highly specialized and competitive contractors who work mainly with legacy systems,” he said.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.