Each month, the team at eftsure monitors the headlines for the latest cyber & accounts payable news. We bring you essential learnings to help your organisation manage payments securely.
Email Security a Major Concern for Banks
Email remains the soft underbelly for any organisation seeking to strengthen its security maturity. In fact, the risks posed by email are growing exponentially, particularly for those organisations handling sensitive financial information.
The banking sector has seen a significant increase in the pace, scale and sophistication of cyber threats in the previous year, according to Lynwen Connick, ANZ Bank’s chief information security officer.
Speaking at this month’s Australian Financial Review Banking Summit, Connick said that ANZ now blocks between 8 million and 10 million malicious emails a month. Just one year ago, that figure was about 4 million a month.
“No organisation is immune from cyber threats. The key is to stay vigilant to defend against attacks and also prepare for a successful attack and be able to detect and respond quickly and minimise damage,” Ms Connick said.
With financially motivated criminals regularly using email as a vehicle to launch their attacks, it’s almost impossible to successfully block all attempted breaches. That’s why organisations need to have the right systems in place to mitigate the consequences when a breach does occur.
Eftsure’s “Know Your Payee” solution helps you ensure that your accounts payable team pays the right amount to the right person, undermining attackers’ attempts to defraud your organisation.
Employee Steals $3.7m for Pokies
When we think of fraud risk, we naturally think about anonymous cyber criminals. Yet, the unfortunate reality is that sometimes our own employees represent just as big a risk.
For over 40 years, industrial chemist Greg Zeuschner ran a successful business on the outskirts of Sydney. Since 1999 he had employed Vicky Clerke as his personal assistant and accounts clerk. As a family friend who shared an office with Zeuschner, Clerke was trusted to access the company’s bank accounts and had responsibility for paying the wages and bills.
However, within two years of commencing employment, Clerke started defrauding the company. She hid her theft by creating dummy bills for suppliers and paying the money directly into her account.
Over the course of nearly 20 years, Clerke stole $3.7 million from Zeuschner’s business to fund her addiction to poker machines. Whilst Clerke was subsequently jailed for her crimes, Zeuschner faces the almost impossible task of trying to recover the stolen funds from various Leagues and RSL clubs.
The theft has left Zeuschner’s finances in chaos and has ruined his retirement plans.
Eftsure’s unique platform makes it easier for business owners to identify a range of fraudulent accounting practices, including those that may be carried out by trusted employees.
Notifiable Data Breaches Report
Every six months, the Office of the Australian Information Commissioner (OAIC) releases a report detailing the extent to which Australian organisations have reported serious cyber breaches under the Notifiable Data Breaches Scheme.
Whilst it is acknowledged that there is substantial underreporting of cyber crime to the government, the report is still a useful barometer of the extent to which email represents a risk to Australian organisations.
During the reporting period (July – December 2020), the OAIC received 539 notifications of serious data breaches. Worryingly, this represents a 5% increase compared to the previous 6 months and a 2% increase compared to the same period in 2019.
Of particular concern was the fact that some 40% of breaches involved compromises of financial details, such as bank account or credit card numbers. This highlights the fact that financial data is particularly prized by cyber criminals.
The majority of reported data breaches (58%) involved some element of malicious or criminal attack in which the attacker deliberately sought to exploit victims for financial or other gain. Among the attack methodologies were phishing, social engineering and identity impersonation, as well as actions taken by a rogue employee or insider threat.
All these methodologies regularly feature in Business Email Compromise (BEC) attacks.
It’s never been more important to have systems in place to strengthen your data security protocols. It’s also vital to have systems in place to mitigate the consequences of an attack should one slip through the net. Eftsure’s unique platform helps your organisation mitigate the consequences of malicious or criminal attacks by helping you avoid paying funds to cyber criminals.
Supply Chain Security
Supply chains are emerging as one of the weakest links in an organisation’s cyber armoury.
In an analysis of the key cyber security questions company boards need to be asking themselves, Mike Cerny, a partner at PwC, highlighted the importance of having a thorough understanding of the information security controls of your supply chain.
Other organisations in your supply chain should be having their systems audited and processes checked on a regular basis to ensure they are doing as much as possible to protect themselves, and by extension also help protect your company.
According to Cerny, the key questions any board should be asking include:
“Are we comfortable with the level of security that [suppliers] have adopted? How strong are our contracts? Is cyber security stipulated within those contracts and does our insurance have any level of coverage should one of those third parties go down, or have an issue?”
Taking steps to answer these questions about your suppliers will help give you confidence that they are less likely to experience a breach that could result in a Business Email Compromise (BEC) attack against your company.
It’s also worth considering your contracts with suppliers, and whether there should be a stipulation that they are required to notify you of any breach of their systems within a defined time frame.
In the integrated digital economy in which we all now operate, having confidence in your supply chain is harder than ever. A system like eftsure helps you gain peace of mind that in the event of a supply chain breach, you are unlikely to end up falling victim to BEC fraud.
Police Warning About BEC Scammers
The Australian Federal Police (AFP) is warning Australian businesses to be aware of the threats posed by Business Email Compromise (BEC) attacks.
According to the AFP, which established Operation Dolos to curtail the growing threat, between July 2019 and June 2020, Australian businesses were defrauded to the tune of $142 million in 4,252 separate attacks.
The scams are wide-ranging and have included crooks hacking into the emails of high-ranking employees such as chief executives and chief financial officers and using their email addresses to issue false invoices.
According to AFP Commander Chris Goldsmit, “BEC scams are difficult to detect and are insidious and growing as a threat to Australian organisations.
“There has been a significant increase in the volume of BEC reporting since 2019.”
No Australian organisation is immune to such threats. All organisations, from large enterprises to SMEs, are equally vulnerable. This is particularly the case for any organisation with a large supplier base that pays invoices regularly. Such businesses could be subjected to a BEC attack, only realising they had been targeted long after paying funds to the fraudsters. With the eftsure platform integrated into your accounts payable environment, you stand a far better chance of preventing funds being sent to fraudsters.