Adviser: Technology advances also create cybersecurity vulnerabilities – Crain’s Cleveland Business - Newstrend Times

Saturday, July 24, 2021


Online banking remains an appealing target for cyber criminals and attacks are on the rise.

Two-thirds of companies surveyed experienced some kind of cyber incident in 2019, according to McAfee’s “The Hidden Costs of Cybercrime” report. Without even taking fraud into account, the average cost of downtime for a department is about $590,000. Globally, the monetary loss from cybercrime was estimated at approximately $945 billion in 2020.

In treasury management, it seems that as businesses achieve greater digitization and connectivity, in areas like payables and receivables for example, security measures improve. But there are also more points of access for cybercriminals to exploit. The COVID-19 crisis was a powerful lesson for many companies in understanding how resilient their systems are, but also how vulnerable they are when faced with securing the future of work and a remote fleet of devices. And as we’ve learned, security breaches most often come down to the habits of the individual remote worker.

The threats we see having the most impact on businesses today are phishing campaigns, malware, ransomware and business email compromise (BEC) attacks. These are people-based maneuvers that have been causing damage for years in various forms. Malicious actors are drawn to them because the basic strategy of playing on an unsuspecting victim’s gullibility and unpreparedness works.

Phishing was once primarily a phone-based fraud scam. It relies on social engineering and impersonation to extract sensitive information from victims, usually login credentials and personal identities. Today it is largely carried out by email, and victims are most often lured to counterfeit websites where they are tricked into surrendering their credentials. Untrained and unprepared for the persuasive tactics, remote workers have been a prime target during the pandemic. The number of phishing attacks doubled in 2020, according to the Anti-Phishing Working Group.

Malware, or malicious software, is right up there in terms of impact and prevalence. It’s considerably harder to pull off compared with phishing, but it is much more effective and dangerous. The basis of a malware attack is a virus or piece of software that has been planted on a victim’s computer. Once it’s installed, cyber criminals can steal data or take over online banking sessions.

Ransomware, such as the recent Keystone Pipeline attack, locks up the victim’s computer or network, and only unlocks it once a ransom is paid — almost always via a cryptocurrency.

Another cyber hot spot we are paying close attention to, especially as it affects the financial sector, is BEC. A specialized form of phishing, it has become very common as more companies are moving to remote and virtual transactions. BEC relies on impersonating or stealing the identity of a company employee, usually a senior executive, and tricking victims into exposing valuable information or transferring funds outside the company. Wire transfers and international payments are widely targeted and the volume of attacks is increasing.

The same technologies that have helped businesses move toward digitization and greater connectivity have also created new vulnerabilities. Technologies such as application programming interfaces (APIs) have made it possible to connect financial services and data in new ways and achieve faster, more accurate transactions. But at the same time, there are more openings for criminals to infiltrate.

Similarly, cloud-based email services and applications have revolutionized how many companies do email and created new flexibility and efficiencies. However, these services are proving to be popular targets for BEC scammers.

In many threat scenarios, the actual integrity of the online banking or security system is usually not compromised, but rather a user has inadvertently become a victim of a social-engineering scam. In this regard, education is of the utmost importance, and any worthwhile cybersecurity strategy needs to ensure that cybersecurity is a top-of-mind priority for everyone across the organization.

1. Support organization-wide education and awareness

With so much riding on individual liability, it’s vital to make sure users are informed about cyber risk, following proper procedures and educated enough to recognize and flag social engineering tactics. It’s also very important to keep tabs on the latest trends, tools and technology.

2. Administer thorough system reviews

Invest in understanding your systems, how your transactions affect your operations and where potential cyber risk could be lurking. It’s hard to prevent something you don’t see or understand. Thorough and regular systems reviews help ensure the right measures, permissions and account management tools are in place and up to speed to address specific threats.

3. Improve IT best practices

Treasury needs to be a proactive partner with IT and work with the technology experts to ensure every aspect of cybersecurity is working as a cohesive whole.

4. Do your due diligence

It’s easy to speed toward new technologies and new opportunities, but jumping in before you’re ready can leave the door open to unnecessary risk.

5. Be transparent and communicate clearly

Being open with customers and partners about cyber and understanding risk is essential for protecting all sides of the equation — and makes for stronger, more reliable relationships.

Richardson is executive vice president and head of product solutions for Citizens.


