WC CFO TheStrategicCFO#44 Online NZ Final - Flipbook - Page 1
CFOs need to see CYBER FRAUD not as an IT ISSUE
By George Hazim
As technology rapidly evolves and accessibility is its central theme,
somewhere along the way, we have nurtured deception.
The world has become a pervasive
place with a paradigm of accelerating
change continually altering the rules
of engagement.
From fake Facebook profiles, catfishing
and scamming, nothing is as it seems.
Technology has bred a culture of
exploitation and nothing and no one
is off limits. The Holy Trinity of masses
of data, lack of privacy and the ability
to defraud corporations is cybercrime’s
nirvana.
Since 2015, cybercrime has grown
exponentially. Criminals are no longer
bound by borders because there
are none in the virtual world.
And while technology explodes,
and cybercriminals rip billions from
businesses, nothing better highlights
the art of deception than the actions
of Evaldas Rimasauskas.
Rimasauskas duped Google and FB out
of more than $173m. He used a Business
Email Compromise (BEC) scam.
BEC is a ‘reverse play’. Rather than
targeting companies directly, phishing emails are
sent to obtain the email login details of
people in supplier organisations, which are
then used to send fake invoices or
change of bank detail requests to the
supplier’s customers. Because the invoices and
bank change requests come from the
authentic email address, include
prior trails of email correspondence and
are written in the same style as previous
legitimate emails, it is almost
impossible for corporate clients to notice
the fraud.
CFOMagazine.com.au
The scam relies on human behavioural
psychology and knowing many
departments won’t question requests
from legitimate suppliers, especially
where a thread of prior communication
is present.
“If two of the world’s
most technologically
superior corporates
can be scammed, how
exposed is corporate
Australia?”
In the current environment, the
answer is “extremely”. Through lack of
knowledge and naivety, Australia’s CFOs
are unwittingly complicit in helping
cybercriminals by expecting untrained
staff to play detective. There is an
abundance of unconscious incompetence
in many accounts departments, where
people simply don’t know what they
don’t know.
Michael Connory, CEO of cybersecurity
firm Security In Depth and Australia’s
foremost expert in cybersecurity, says it’s
not a matter of ‘if’ but ‘when’.
“We have seen, since 2018, cyberattacks
rise and become more brazen. It
seems hackers are sending a message
especially to the banks, they can hit us
anytime, anywhere and penetrate at will.
Investment in training is paramount.
That’s where the real problem lies,”
Connory says.
An advisor to corporates globally,
Connory makes it clear staff training
is imperative. “Organisations need
to implement good governance. The
challenge is not to adopt a band aid
approach to cybersecurity but lay solid
foundations.”
eftsure is an Australian secure payments
data platform, mitigating the risk of
fraudulent business payments in the
electronic payment process. It protects
a business’ assets and people through a
cross-verified database combined with
external data sources and independent
verification procedures ensuring
payments arrive at their intended
recipients.
In recent months it has seen a significant
rise in attempts to defraud corporations.
eftsure protected over $21bn of
payments by Australian corporates from
being diverted to fraudsters last year
and is currently protecting more than
$2.5bn a month of payments with its
Know Your Payee (KYP™) platform.
Mike Kontorovich, Co-Founder of eftsure,
says, “based on what we are seeing, 2020
will be the year an Australian company
will be hit with a cyber financial
disaster,” as most Australian businesses
remain fully exposed to falling victim to
the exact scam Rimasauskas ran. “The
figure will be unquantifiable, yet big
enough to cause serious problems.”