All Posts Tagged: phishing

Cybersecurity: When speed is everything

Eileen Dignen
Cash Management

For many of us, it feels like the world runs at the speed of light. Today, businesses that want to stay relevant have to think fast to survive and thrive. Consumers and business clients alike expect instant gratification.

That’s why real-time payments with instant settlements that enable businesses and consumers to send and receive payments instantly — directly from their accounts at financial institutions — have become a preferred option for many.

But this culture of speed can come with unintended consequences. In a digital world with fraudsters becoming more agile, financial executives have to be proactive. Who knows what moves hackers will make next? Even the best-designed cybersecurity policy is no silver bullet for total protection of corporate data.

Top causes for cyber breaches

Anyone within a company or organization can become a target of fraud. Unfortunately, some companies have discovered the hard way that if the right security policies aren’t in place, employees can inadvertently give the game away.

To keep company data and resources secure, staff training is critical. According to Verizon’s 2016 Data Breach Investigations Report, it is feasible to successfully pull data within minutes of a breach. So when it comes to data fraud, time is of the essence. Interestingly, PwC’s The Global State of Information Security Survey 2017 finds that of the 15% of respondents who reported that there had been a serious breach in their company, 1 in 3 didn’t know for how long the company had been breached and 24% thought the breach had lasted only a day.

The survey reported that the top causes of cyber breach were:

  • Human error
  • Lack of staff awareness of security risks
  • Failure to follow a defined process
  • External attacks specifically targeting a company

It seems people were the weakest link. Case in point: The most frequent breach vectors were social engineering or phishing (55%), followed by malware (49%) and human error (45%).

Social engineering fraud: an example

Social engineering fraud has severe consequences and requires pragmatic protection. A leading agro-industrial group became a victim of such a scam, resulting in a fraudulent payment to a foreign bank account. The fraud was discovered during a forensic analysis that drew on electronic data from computers and smartphones and on employee interviews.

The incident started with a fake email providing context and instructions on how to deal with an ongoing confidential transaction, supposedly from a senior manager. Email correspondence continued and involved a payment up to the maximum allowed amount to a foreign bank account. This was supported by incoming and outgoing telephone calls with a bogus attorney who was supposedly involved with the transaction. The lawyer emphasized the urgency and secrecy of the transaction, using flattery, threats and appeals to higher authority.

This use of electronic and real-person manipulation is a growing threat. While technology facilitates the speedy transfers, the targets of the fraudsters’ attacks are employees. After a breach, some companies may want to believe that it’s another party’s responsibility to verify transactions. However, I believe the best protection is employee engagement and a strong culture of openness, validation and support, educating employees about the potential dangers. After the social engineering fraud incident, the agro-industrial group changed its internal culture and updated agreements with its financial partner.

For more information about cybersecurity trends and case studies, check out the second edition of Journeys to Treasury. From BNP Paribas, PwC and SAP, Journeys to Treasury identifies the most pressing topics for corporate treasurers today: data analytics, compliance and regulation, and cybersecurity.


Avoiding income tax fraud: What to know about the IRS

David Pollino
Security

Knowing how the IRS operates will help you recognize fraudulent activities.


Ways to avoid scammers who exploit natural disasters

David Pollino
Security

It’s a sad fact: Fraudsters see opportunity in the wake of natural disasters, such as hurricanes, floods, and fires.


Be on alert: New phishing scams target home buyers

David Pollino
Security

Recent phishing attempts target financial institutions and consumers that are engaged in mortgage lending.


New breach prompts widespread phishing alerts

David Pollino
Security

As you may have read, hackers breached DocuSign’s systems and stole email addresses that were soon targeted with phishing emails.
