An action plan to defend against cyber threats

Today’s management teams face complex challenges – a rapidly evolving, frequently uncertain, and increasingly competitive marketplace, plus complex macro-economic issues ranging from an uncertain geopolitical backdrop and market volatility to liquidity access and a changing regulatory environment.

On top of this, cyber threats are proliferating and pose significant risks to every company’s competitiveness, growth prospects and survival.

The size, frequency, and financial cost of cyber attacks continue to reach record levels. According to PwC’s 2016 Global State of Information Security survey, 38% more security incidents were detected in 2015 than in 2014, with the theft of patent-related (“hard”) intellectual property increasing 56%. A whopping 62% of organizations were targets of payments fraud last year, according to the 2015 Payments Fraud and Control Survey, published by the Association for Financial Professionals (AFP) in the US.

These risks are likely to mount as companies operate in a new era of cyber warfare. The Wall Street Journal recently reported that according to a compilation of government records and interviews with US and foreign officials, at least 29 countries have formal military or intelligence units dedicated to offensive hacking efforts.

The impact of any cyberattack is very real and can be fatal to a company’s reputation and profitability. The average cost of a data breach has reached a record US$3.8m according to a May 2015 study by the Ponemon Institute, representing a 23% increase since 2013. Juniper Research expects the cost of data breaches to have increased to US$2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015.

No hiding place

No organization is immune to these threats. While small businesses are more obviously vulnerable, large organizations and government departments face equally serious risks, as was demonstrated by recent, high-profile attacks on multinationals such as Sony and US retail chains Target and Home Depot, as well as this year’s theft of personnel data on millions of current and former US government employees.

More than two-thirds of respondents who participated in a recent Economist Intelligence Unit report say the adoption of new technologies is gaining momentum in their companies’ treasury departments. This trend represents a double-edged sword – while technology can create efficiencies and better controls, reliance on it can also generate new risks. With the majority of business and financial transactions taking place online and by email, cyber criminals are focusing on business communications systems and have increasing opportunities to strike.

No silver bullet exists to prevent these cyberattacks. Taking a thorough and holistic approach to fraud prevention is the only way that organizations can help guard against creative and diversified cyberattack strategies. That approach includes staying aware of cybercrime trends and emerging threats, and implementing robust business processes, approvals, and controls to verify the legitimacy of all transactions.

A six-point strategy

As a bank, we recommend that our business customers take the following six essential steps to help mitigate cybercrime:

  1. Fraud education: Education and training are essential to generating awareness and compliance with fraud-preventing measures across all levels of an organization. A company’s banking partner(s) should offer itself as the ideal source to keep treasury informed about emerging cyber threats and help it develop and take necessary preventative actions.
  2. Fraud prevention products: A comprehensive suite of fraud mitigation products and features is essential to safeguarding against payments fraud. These are regularly updated to incorporate new protective features, such as using payee line matching to help protect client accounts against cheque fraud.
  3. Behaviour monitoring tools: A bank’s back office behaviour monitoring controls are not always visible to customers, but help protect businesses from loss on a daily basis.
  4. Malware protection: Installing a dedicated, actively managed firewall and setting up robust detection tools is critical in mitigating fraud.
  5. Dual control: Requiring a second approver for large financial transactions or sensitive administrative functions is critical. Using out-of-band authentication via a different network adds a layer of security to help ensure that transactions are legitimate.
  6. Employee protection: Cash vault and armoured car services can help mitigate exposure to employees handling and transporting large amounts of unprotected cash.

In addition to the above advice, the best banks work with their clients to create and deliver a robust suite of fraud mitigation solutions and features that are essential to safeguarding against fraud.

They speak with clients about security regularly, gathering their feedback so they can modify and strengthen the suite of products and back office controls. To support this, the bank’s security team should maintain open lines of communication with law enforcement organizations and have strong information sharing mechanisms in place. This enables the bank to stay aware of known risks, alert clients and modify its processes as needed.

In today’s business landscape, technology, fraud and cybercrime tactics are evolving at breakneck speeds. By understanding the importance of identifying, developing and implementing security strategies that keep pace with this rate of change, companies can stay competitive and profitable, and continue to grow over the long term.

