HOW DO ATTACKS TAKE PLACE?
Methods used by cyber criminals are constantly evolving. They are too varied and numerous to list here. However, here are some of the most common methods.
Social engineering involves targeting an individual to facilitate a fraudulent transaction or data breach.
Malicious software or ‘malware’ involves tricking individuals into opening infected files so that the cyber criminal can introduce spyware, ransomware, viruses, trojans or any other type of malware that would allow them to gain access to data, devices or systems.
Existing system vulnerabilities
Cyber criminals often rely on known but unpatched vulnerabilities to gain access to IT systems to commit their crimes. Unchanged default root passwords are an easy pathway into corporate IT systems.
KEY CONTROL CONSIDERATIONS FOR TREASURERS
Invest in staff awareness on cyber risks and in particular new social engineering and phishing techniques. Your staff are the first and last line of defence against cyber attacks.
Consider robust logical access controls, new system strengthening, network and endpoint firewalls, up-to-date malware and anti-virus protection, intrusion detection systems, regular patching, vulnerability scans and penetration tests.
- Place cyber security on the agenda of senior executive and management meetings.
- Maintain clear protocols on segregation of duties, and controls for the use of all technology including mobile/portable devices.
- Ensure that only staff with the right responsibilities and security credentials have access to your systems and financial data.
- Regularly monitor and update user access privileges.
- Expect a cyber incident: plan for and practise your response and resolution to minimise the impact of a loss.
- Consider strict procedures over all changes to customer/supplier bank details, key contacts and all other master data.
- Ensure reconciliations do not just serve as a rubber-stamp activity but detect and escalate any leakage of funds.