Businesses throughout the world are increasingly bracing themselves for the very real threat of a cyber-attack.
In fact, according to the Dublin Information Sec 2017 survey, more than one third of businesses in Ireland have experienced a cyber-attack in 2017 and a further 54% expect a cyber-attack on their business before year end. Worryingly, 84% of businesses see potential attacks as a major threat to their operations.
On 1st November 2017, Irish and international cyber security specialists gathered at Dublin Information Sec 2017, an annual cyber security conference, to discuss and highlight cyber security risks and threats and to propose solutions to security breaches and infection.
Speaking at the event, ethical hacker Mike G told business leaders bluntly that employees remain one of the biggest risks to company data systems: “The weakest part of security is us.” He also noted that spoof or fake texts, calls and emails are among the most common ways in which people and companies are left open to being hacked.
Cyber crime and payments
Because of the potential profits generated, the financial services sector is seen as a key target for cyber criminals and fraudsters. Protecting companies globally from cyber-attacks has become a major focus for the financial services sector. To counter the growing threat of cyber crime, 80% of financial services firms admitted to pumping cash into cyber security in 2017, up from 60% of companies in 2016.
The new EU General Data Protection Regulation (GDPR) will be implemented in 2018 and could see companies fined up to 4% of their annual turnover if they have been exposed to a cyber-attack.
Recent research carried out by Apex Analytix revealed that 54% of accounts payable departments do not work closely with their internal audit teams and 82% are not connected to their corporate security departments. Worryingly, the research further revealed that 51% of businesses do not conduct secondary reviews of their high-value payments and 79% do not check vendor data against staff records to verify that staff are not posing as suppliers.
Taking these findings into account, it is unsurprising therefore that cyber criminals and fraudsters are focusing their attention on businesses that facilitate significant volumes of high value payments. A cyber criminal’s success very much depends on the business values, internal controls and payment processing compliance of the business it is targeting.
The unquenchable thirst to innovate by businesses can often result in cyber security being overlooked until it is too late. This can lead to reputational, as well as financial, consequences for the organisation.
High profile payment frauds and cyber-attacks around the globe
Are your internal controls and payment processes as secure as you think? Some high profile payment fraud incidents in recent times expose the increasing need for businesses to be vigilant to cyber crime:
- In 2015 Ryanair was hit by a scam in which €4.6 million was removed from its account and transferred electronically to a Chinese bank.
- The WannaCry ransom attack of May 2017 targeted computers on the Microsoft Windows operating system. Infecting more than 230,000 computers in over 150 countries, the attack encrypted data and demanded ransom in Bitcoin. WannaCry hit 34% of health trusts in England and an investigation by the National Audit Office reported that the UK health service could have fended off WannaCry if “it had taken simple steps to protect its computers”. All NHS organisations infected by WannaCry had unpatched or unsupported Windows operating systems and as a result were susceptible to the ransomware.
- In August 2017, a series of fraudulent emails sent to MacEwan University in Canada convinced university staff to change electronic banking information for one of the university’s major vendors, an Edmonton construction firm. The phishing scam, facilitated by human error, netted the fraudsters $11.8 million. It was revealed that there was no process in place which required staff members to phone the vendor to confirm the request to change banking information. It was also discovered that there were no secondary or tertiary approval levels for payment authorisation.
- In October 2017, a Taiwanese bank admitted that $60 million was stolen from its account and transferred out of the country using fraudulent SWIFT messages. In the attack, reminiscent of the Bangladesh cyber-attack of 2016, malware was used to generate fake SWIFT transfer messages to send money from the Far Eastern International Bank to accounts in the United States, Cambodia and Sri Lanka.
Cyber security must be an integral consideration of business strategy. As well as mitigating against financial loss, business improvements can be made by increasing efficiency and managing risk by placing a priority on being cyber-attack ready. Strengthening internal controls and efficiencies will combat errors and incidents of financial crime while helping businesses to both remain compliant and reduce any risk of financial loss through a cyber-attack.
All businesses are vulnerable to cyber-attacks. You may go to great lengths to protect your physical assets, but is your digital information safe?