VoiceOver users please use the tab key when navigating expanded menus

These publications are published by Australia and New Zealand Banking Group Limited ABN 11 005 357 522 (“ANZBGL”) in Australia on its Institutional website. 

If you choose to access these materials, you agree that the Website Terms of Use apply.  These publications are intended as thought-leadership material.  They are not published with the intention of providing any direct or indirect recommendations relating to any financial product, asset class or trading strategy.  The information in these publications is not intended to influence any person to make a decision in relation to a financial product or class of financial products.  It is general in nature and does not take account of the circumstances of any individual or class of individuals.  Nothing in these publications constitutes a recommendation, solicitation or offer by ANZBGL or its branches or subsidiaries (collectively “ANZ”) to you to acquire a product or service, or an offer by ANZ to provide you with other products or services.  All information contained in these publications is based on information available at the time of publication. While the publications have been prepared in good faith, no representation, warranty, assurance or undertaking is or will be made, and no responsibility or liability is or will be accepted by ANZ in relation to the accuracy or completeness of these publications or the use of information contained in these publications.  ANZ does not provide any financial, investment, legal or taxation advice in connection with these publications.

If you are resident or located in the United States of America, you agree that you are not acting on behalf of a natural or individual (including yourself) “U.S. person” (as defined in Regulation S of the U.S. Securities Act of 1933, as amended) and you agree not to transmit or otherwise send any information on this website to any natural or individual person in the USA or to publications with a general circulation in the USA.

If you are resident or located in New Zealand, you are a “wholesale client” under the Financial Advisers Act 2008 (NZ), as amended.

Please confirm that the above statements are correct.

I AGREE I DISAGREE

INSIGHT: CYBERCRIME

THE DARKER SIDE OF DIGITAL DISRUPTION

Download the PDF

Tags

  • Asia Pacific
  • Cybercrime
  • Financial Institutions
  • Risk Management
  • Transaction Banking

FOREWORD

WITH BUSINESS AND CONSUMER INTERACTIONS MOVING TO DIGITAL FORMATS, THERE IS A WORLD OF OPPORTUNITIES BEFORE US. UNFORTUNATELY, THIS ALSO BRINGS INCREASED RISKS AND VULNERABILITIES FOR ORGANISATIONS REGARDLESS OF THEIR SIZE, INDUSTRY OR LOCATION.

Digital development is making it very easy for others to intercept many aspects of people’s professional and personal lives. It is no surprise that banks and corporates are ready targets for cybercrime, and we must continue to work together to prevent and mitigate the impacts of cybercrime.

At ANZ, we are committed to preserving the trust that our clients have in the quality and security of our banking services. As a corporate treasurer, we know the essential role you perform in managing risks within your organisational environment.

This guide ‘shines a light’ on ways you can keep your organisation safe and secure. Together with the robust security practices we implement to help protect our clients, it aims to minimise the chance of your organisation falling victim to cybercrime.

KEY TAKEAWAYS

  • Cyber criminals exploit any weakness in an organisation’s people, process or technology infrastructure.
  • Using humans to infiltrate organisations is a common factor in most current cybercrime attacks.
  • Effective processes together with a risk management approach are crucial.
  • Organisations benefit from a multi-layered risk management strategy – ‘defence in depth’.
  • The agility to know, control and adapt to new cyber threats will differentiate the strong from the weak.
  • Cyber resilience plans are essential – expect cyber disruption and prepare to deal with it while continuing to operate your business.

"CYBERCRIME IS NOW A BUSINESS IN EVERY RESPECT, WITH SERVICES THAT MIRROR THOSE OF MULTI-NATIONAL ORGANISATIONS INCLUDING CUSTOMER SUPPORT AND TECHNICAL HELPLINES TO ENSURE THEIR CRIMINAL PRODUCTS AND SERVICES WORK AS INTENDED."

HOW DO ATTACKS TAKE PLACE?

Methods used by cyber criminals are constantly evolving. They are too varied and numerous to list here. However, here are some of the most common methods.

Social engineering

Social engineering involves targeting an individual to facilitate the fraudulent transaction or data breach.
 

Malicious software

Malicious software or ‘malware’ involves tricking individuals into opening infected files so that the cyber criminal can either introduce spyware, ransomware, viruses, trojans or any type of malware that would allow them to gain access to data, devices or systems.
 

Existing system vulnerabilities

Cyber criminals often rely on known, but unpatched exploits, to gain access to IT systems to commit their crimes. Unchanged default root passwords are easy pathway into corporate IT systems.


 

KEY CONTROL CONSIDERATIONS FOR TREASURERS

People

Invest in staff awareness on cyber risks and in particular new social engineering and phishing techniques. Your staff are the first and last line of defence against cyber attacks.
 

Technology

Consider robust logical access controls, new system strengthening, network and endpoint firewalls, up to date malware and anti-virus protection, intrusion detection systems, regular patching, vulnerability scans and penetration tests.
 

Processes

  • Place cyber security on the agenda of senior executive and management meetings.
  • Maintain clear protocols on segregation of duties, and controls for the use of all technology including mobile/portable devices.
  • Ensure that only staff with the right responsibilities and security credentials has access to your systems and financial data.
  • Regularly monitor and update user access privileges.
  • Expect a cyber incident, plan for and practice your response and resolution to minimise the impact of a loss.
  • Consider strict procedures over all changes to customer/supplier bank details, key contacts and all other master data.
  • Ensure reconciliations do not just serve as a rubber stamp activity but detect and escalate a leakage in funds.

RELATED INSIGHTS

insight

Transaction Banking: The Extinction of Paper Cheques

Like the dodo and the dinosaur, paper cheques are on their way out.

Read more

insight

ASEAN Banking: Shaping the Future

The complete banking approach for this growing market.

Read more

insight

Australia’s New Payments Platform: Changing the Way Banks and Insurers Do Business

Imagine being able to make real-time data rich payments easily and quickly, any time, any place.

Read more

For a full set of relevant disclosures, please visit the link below.

View disclosures