CHAPTER 7 Interesting Bedfellows

As you move further and further out—our secondary and tertiary relationships—you obviously have greater vulnerability. We have a very robust third-party service policy and network for monitoring and maintaining those relationships. In fact, that’s one of the areas that I’m responsible for myself. We have an entire department dedicated to that. We have questionnaires. We have different third parties that will then do audits and examinations of some of our more critical third-party service providers to make sure that they are maintaining appropriate levels of security. We require certain third-party audits of their data security that must be done every year. It’s pretty robust.

CFO, Financial Services Company

If you’re a CFO for an enterprise, chances are you have something in common with most hackers: You have a healthy profit motive. Many adversaries would agree with a philosophy you likely hold dear: Cash is king.

The cybersecurity industry has done itself no favors with the stereotypical hacker trope of a bad guy in a hoodie lurking behind a green DOS screen that appears to be from the 1980s (coincidentally, the decade when Hollywood gave a face to the hacker community). The shadowy figure of a lone wolf behind a keyboard does not represent the highly sophisticated cybercrime syndicates, which have very healthy profit motives indeed.

Jonathan Lusthaus never envisioned a career studying cybercriminals. His passion was in researching ...
