Cybersecurity is one of the most common issues confronting corporate treasurers around the world. The AFP Payments Fraud Survey, underwritten by J.P. Morgan, surveyed nearly 700 treasury and finance professionals in 2018 and discovered that 78% were victims of fraud in 2017. Because of the high volume of funds managed by the department, hackers and cybercriminals regard corporate treasury as a prime target.
These attacks have become more common and sophisticated in recent years, stealing not only company funds but also sensitive data or, in extreme cases, shutting down a company’s financial system for ransom or to promote a geopolitical agenda.
Companies are more vulnerable than ever before as a result of increased digitization and reliance on a wide range of IT systems. This has resulted in changes in business models and methods of work. The global pandemic has led to a rise in remote working, which has increased the risk of cyberattacks for companies because more people are now working from home or in environments that are not well suited to best-in-class cybersecurity software or protection. Treasurers are now exposed to greater risk and must exercise greater caution when initiating payments and managing data flow.
Treasurers must consider new and improved methods to keep their company safe from hackers as the digital age evolves. A good first step is to adopt a defense-in-depth cybersecurity posture, which involves deploying cybersecurity controls at different stages of operations based on the risk assessment. Besides this, at Ceviant, we carry out penetration tests (PENTEST) on all internal and external infrastructure that supports our treasury applications. A PENTEST simulates real-life attack scenarios and attempts to exploit vulnerabilities in our infrastructure and applications; as a result, security controls are implemented to reduce the risk of cyber-attacks.
How can fintech help treasury and finance departments tackle cybercrime?
In-depth risk management and regulatory compliance are key to tackling security threats. The issue of security is a shared concern across all sectors and must be addressed as early as possible. Treasurers and corporates are increasingly mindful of the systems they integrate with and of the vendors they work with. A lot of these solutions are provided by fintech companies. It therefore helps for fintechs to implement and comply with requirements provided by standards organizations and regulators. A series of ongoing network security and data security audits is necessary for the maintenance of licenses and certifications. This helps reassure treasurers who are skeptical about adopting technology because of security fears.
There are also other regulators and regulatory requirements, such as obtaining a license, which involves a series of audits.
Therefore, it is important for fintechs to demonstrate that their networks are fraud-proof and compliant while showcasing what they have been able to achieve in terms of security and adopting global standards.
Today, there are numerous ISO certification standards, including:
- ISO 27001:2022 – Information Security Management Systems Certification
- ISO 22301:2019 – Business Continuity Management System Certification
- ISO 27701:2019 – Privacy Information Management Systems Certification
- ISO 20000-1 – IT Service Management Systems Certification
- ISO 28000:2007 – Supply Chain Security Management Systems Certification
These standards specify guidelines that companies need to adopt to ensure the security of financial information and data while conducting transactions across multiple payment rails.
Which sectors are more prone to cybercrime?
According to Verizon’s 2019 Data Breach Investigation Report, 43% of cyber-attacks were directed toward small businesses. The most common attack vectors against small businesses are phishing and malware.
According to IBM Security, the healthcare sector has had the highest average cost of a breach for 12 consecutive years. Between 2017 and 2019, more than 90% of all healthcare organizations reported at least one security breach, which can manifest as a denial of service, malicious code, ransomed data, and more.
The energy and infrastructure sectors are also highly targeted. According to S&P Global Platts, the energy and infrastructure sector emerged as the biggest target for hackers and cyberattacks, accounting for a third of all incidents in 2017. In 2021, an attack by hackers on Saudi Aramco, the world’s largest single exporter of crude oil, involved a data leak and an attempt to extort $50 million from the state-controlled oil producer.
With attacks on the rise, what can treasuries do to stay secure?
The key is to remain compliant with regulation and robust internal control policies. It is important for corporate treasurers to ensure their controls, systems and processes are fully aligned with industry regulations and standards. If controls are inadequate, greater risks and the possibility of fraudulent activity can arise.
Finance and treasury departments must invest in robust treasury technology to minimize the risk of cybercrime. A treasury management system (TMS) is a key tool for the treasury department and is essential to managing the company’s cash positions and risk.
If a company is not running a fully functional, regulated and compliant TMS with updated security and infrastructure, there is a strong chance that the system is at greater risk of being exploited.
Cyber-criminals usually target software vulnerabilities, which makes older versions far more vulnerable to cyber-threats. We work with our clients not only to integrate their treasury and finance management solution on our secure and highly regulated platform, but also to educate them on strengthening their internal systems to enable comprehensive protection.