VoiceOver users please use the tab key when navigating expanded menus

INSIGHT: CYBERCRIME


THE DARKER SIDE OF DIGITAL DISRUPTION

Tags

  • Asia Pacific
  • Cybercrime
  • Financial Institutions
  • Risk Management
  • Transaction Banking

FOREWORD

WITH BUSINESS AND CONSUMER INTERACTIONS MOVING TO DIGITAL FORMATS, THERE IS A WORLD OF OPPORTUNITIES BEFORE US. UNFORTUNATELY, THIS ALSO BRINGS INCREASED RISKS AND VULNERABILITIES FOR ORGANISATIONS REGARDLESS OF THEIR SIZE, INDUSTRY OR LOCATION.

Digital development is making it very easy for others to intercept many aspects of people’s professional and personal lives. It is no surprise that banks and corporates are ready targets for cybercrime, and we must continue to work together to prevent and mitigate the impacts of cybercrime.

At ANZ, we are committed to preserving the trust that our clients have in the quality and security of our banking services. As a corporate treasurer, we know the essential role you perform in managing risks within your organisational environment.

This guide ‘shines a light’ on ways you can keep your organisation safe and secure. Together with the robust security practices we implement to help protect our clients, it aims to minimise the chance of your organisation falling victim to cybercrime.

KEY TAKEAWAYS

  • Cyber criminals exploit any weakness in an organisation’s people, process or technology infrastructure.
  • Using humans to infiltrate organisations is a common factor in most current cybercrime attacks.
  • Effective processes together with a risk management approach are crucial.
  • Organisations benefit from a multi-layered risk management strategy – ‘defence in depth’.
  • The agility to know, control and adapt to new cyber threats will differentiate the strong from the weak.
  • Cyber resilience plans are essential – expect cyber disruption and prepare to deal with it while continuing to operate your business.

"CYBERCRIME IS NOW A BUSINESS IN EVERY RESPECT, WITH SERVICES THAT MIRROR THOSE OF MULTI-NATIONAL ORGANISATIONS INCLUDING CUSTOMER SUPPORT AND TECHNICAL HELPLINES TO ENSURE THEIR CRIMINAL PRODUCTS AND SERVICES WORK AS INTENDED."

HOW DO ATTACKS TAKE PLACE?

Methods used by cyber criminals are constantly evolving. They are too varied and numerous to list here. However, here are some of the most common methods.

Social engineering

Social engineering involves targeting an individual to facilitate the fraudulent transaction or data breach.
 

Malicious software

Malicious software or ‘malware’ involves tricking individuals into opening infected files so that the cyber criminal can either introduce spyware, ransomware, viruses, trojans or any type of malware that would allow them to gain access to data, devices or systems.
 

Existing system vulnerabilities

Cyber criminals often rely on known, but unpatched exploits, to gain access to IT systems to commit their crimes. Unchanged default root passwords are easy pathway into corporate IT systems.


 

KEY CONTROL CONSIDERATIONS FOR TREASURERS

People

Invest in staff awareness on cyber risks and in particular new social engineering and phishing techniques. Your staff are the first and last line of defence against cyber attacks.
 

Technology

Consider robust logical access controls, new system strengthening, network and endpoint firewalls, up to date malware and anti-virus protection, intrusion detection systems, regular patching, vulnerability scans and penetration tests.
 

Processes

  • Place cyber security on the agenda of senior executive and management meetings.
  • Maintain clear protocols on segregation of duties, and controls for the use of all technology including mobile/portable devices.
  • Ensure that only staff with the right responsibilities and security credentials has access to your systems and financial data.
  • Regularly monitor and update user access privileges.
  • Expect a cyber incident, plan for and practice your response and resolution to minimise the impact of a loss.
  • Consider strict procedures over all changes to customer/supplier bank details, key contacts and all other master data.
  • Ensure reconciliations do not just serve as a rubber stamp activity but detect and escalate a leakage in funds.

RELATED INSIGHTS

insight


Transaction Banking: The Extinction of Paper Cheques

Like the dodo and the dinosaur, paper cheques are on their way out.

Read more

insight


ASEAN Banking: Shaping the Future

The complete banking approach for this growing market.

Read more

insight


Australia’s New Payments Platform: Changing the Way Banks and Insurers Do Business

Imagine being able to make real-time data rich payments easily and quickly, any time, any place.

Read more

1) By Regulation
a. Dodd-Frank

2) By Business
a. Foreign Exchange Wholesale Disclosure

3) By Country
a. US Disclosures