The danger that businesses face from cybercriminals is growing exponentially, with 2017 witnessing assaults on corporate systems ranging from email fraud and malware to ransomware and distributed denial of service (DDoS) attacks.
Some of the higher profile instances include:
The many and varied cybercrime attacks demonstrate the vulnerability of corporate systems and the growing sophistication of cybercriminals, with personal data theft and business email compromise attacks (BECs) proving a particularly fruitful path for hackers.
The theft of customer data, which can then be used to extort payments from corporations, has been a persistent theme. In July 2017, cybercriminals targeted credit bureau Equifax and stole 145 million personal data sets in an attack with long-term implications for identity theft and for the considerable volumes of sensitive and personal data that companies hold.
Businesses, however, are not necessarily forthcoming when they have been victims of cybercrime, for obvious reasons. In November, Uber revealed a data theft of 57 million customer records, a loss it had known about since the previous year.
Distributed denial of service attacks paralyse operations by bombarding networks with traffic from a large number of internet devices. The European Payments Council says this area is growing, and perpetrators are increasingly targeting the financial sector.
Internet of Things devices, which include a growing number of internet-enabled products ranging from thermostats to wearable tech, are expected to become increasingly attractive to cybercriminals as a route into corporate systems.
Emails purporting to be from a CEO or CFO containing requests for immediate and large payments are increasing. Through this method, fraudsters exploit the fact that the people within organisations making payments are generally quite junior and often responding to requests from superiors.
Electrical cable manufacturer Leoni lost €40m in what was widely reported to be an ‘email scam’. According to the Federal Bureau of Investigation, BECs are known to have occurred in more than 100 countries with losses to businesses estimated at $9.1bn between 2012 and 2017.
Security specialist Trend Micro expects incidents and losses to multiply in 2018. As awareness increases, recognition of this area will grow, the firm says, which it believes will push up reporting of incidents, although current behaviour suggests that companies may try to keep incidents out of the public domain.
While corporate treasurers can do little about the attacks or fraudulent emails themselves, familiarity with the methods cybercriminals deploy and with the potential entry points into their organisation is key. The main area that affects corporate treasurers is fraudulent payments and hijacking of bank systems.
The treasurer should be making sure that defences are in place and that personnel are suitably educated to help prevent such attacks. Awareness and education on trends within cybercrime are growing, which can only be a good thing. With an increasingly aware workforce, defences are that much more solid.
This article was taken from the Feb/Mar issue of The Treasurer magazine.