Cybersecurity: When speed is everything

Eileen Dignen
Cash Management

For many of us, it feels like the world runs at the speed of light. Today, businesses that want to stay relevant have to think fast to survive and thrive. Consumers and business clients alike expect instant gratification.

Collage showing hands of a clock near noon, with euros and graph notations in the background.That’s why real-time payments with instant settlements that enable businesses and consumers to send and receive payments instantly — directly from their accounts at financial institutions — has become a preferred option for many.

But this culture of speed can come with unintended consequences. In a digital world with fraudsters becoming more agile, financial executives have to be proactive. Who knows what moves hackers will make next? Even the best-designed cybersecurity policy is no silver bullet for total protection of corporate data.

Top causes for cyber breaches

Anyone within a company or organization can become a target of fraud. Unfortunately, some companies have discovered the hard way that if the right security policies aren’t in place, employees can inadvertently give the game away.

To keep company data and resources secure, staff training is critical. According to Verizon’s 2016 Data Breach Investigation Report, it is feasible to successfully pull data within minutes of a breach. So when it comes to data fraud, time is of the essence. Interestingly, PwC’s The Global State of Information Security Survey 2017 finds that of the 15% of respondents who reported that there had been a serious breach in their company, 1 in 3 didn’t know for how long the company had been breached and 24% thought the breach had lasted only a day.

The survey reported that the top causes of cyber breach were:

  • Human error
  • Lack of staff awareness of security risks
  • Failure to follow a defined process
  • External attacks specifically targeting a company

It seems people were the weakest link. Case in point: The most frequent breach vectors were social engineering or phishing (55%), followed by malware (49%) and human error (45%).

Social engineering fraud: an example

Social engineering fraud has severe consequences and requires pragmatic protection. A leading agro-industrial group became a victim of such as scam, resulting in a fraudulent payment to a foreign bank account. The fraud was discovered during a forensic analysis of electronic data from computers, smartphones, and employee interviews.

The incident started with a fake email providing context and instructions on how to deal with an ongoing confidential transaction, supposedly from a senior manager. Email correspondence continued and involved a payment up to the maximum allowed amount to a foreign bank account. This was supported by incoming and outgoing telephone calls with a bogus attorney who was supposedly involved with the transaction. The lawyer emphasized the urgency and secrecy of the transaction, using flattery, threats and appeals to higher authority.

This use of electronic and real-person manipulation is a growing threat. While technology facilitates the speedy transfers, the targets of the fraudsters’ attacks are employees. After a breach, some companies may want to believe that it’s another party’s responsibility to verify transactions. However, I believe the best protection is employee engagement and a strong culture of openness, validation and support, educating employees about the potential dangers. After the social engineering fraud incident, the agro-industrial group changed its internal culture and updated agreements with its financial partner.

For more information about cybersecurity trends and case studies, check out the second edition of Journeys to Treasury. From BNP Paribas, PwC and SAP, Journeys to Treasury identifies the most pressing topics for corporate treasurers today: data analytics, compliance and regulation, and cybersecurity.

Read More ›

Avoiding income tax fraud: What to know about the IRS

David Pollino
Security
Sign for Internal Revenue Service on the side of a stone building, with a traffic light (on red) nearby.

Knowing how the IRS operates will help you recognize fraudulent activities.

Read More ›

Building our support for renewable energy & better cities

Jenny Flores
Posted by Jenny Flores
Community Affairs
Jenny Flores with Egon Terplan, regional director of SPUR

We believe bankers are in a pivotal position to foster environmental stewardship.

Read More ›

Building up resistance: Q&A with ‘She Started It’ filmmaker Nora Poggi

Michelle Di Gangi
Small Business Banking
Michelle Di Gangi onstage with Nora Poggi, who is speaking.

“We want women and girls who will see the film to know that they can take risks, that failure is OK, and that it is worth trying something you are passionate about.”

Read More ›

Down payment options 101

Victor Polich
Mortgage Banking
Young mother at kitchen table working on laptop while her baby watches from a high chair.

When you’re buying a home, the difference between your loan amount and the purchase price is called the down payment.

Read More ›