Cyber Brief for CFOs: April 2024
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Compromised insiders are aiding cyber threats from nation-states
Organisations face heightened cyber threats from nation-state actors seeking access to networks, according to DTEX Systems – and insiders are often helping them get that access. Customer requests for protection against foreign interference have risen 70% since 2022, mostly from critical infrastructure and the public sector.
Nation-states sometimes weaponise technology to socially engineer trusted insiders and conduct espionage, data theft and disruption, typically targeting sectors with valuable intelligence. Think your organisation is too small or under-the-radar to make an attractive target? Think again. If you work with clients from areas like government, technology or critical infrastructure, threat actors may see you as a vector for infiltrating those organisations.
Rather than employees acting with true malice, the most common insider threats involve compromised or negligent employees. Our comprehensive guide can help you minimise these sorts of risks (without needing to doubt your people!).
Small businesses say cyber threats are biggest concern
A MetLife survey found that six out of 10 small businesses view cyberattacks – including phishing and ransomware – as their biggest concerns, yet fewer than half have trained employees on cybersecurity measures. Despite this, 73% feel prepared for an attack.
It mirrors some of Eftsure’s own research, which found that 90% of finance leaders feel global cybercrime is increasing, yet nearly one in five small businesses aren’t using any anti-fraud control procedures. While small businesses do face unique challenges in cyber resources and capacity, they aren’t alone in their concern – late last year, CEOs from major corporations said cyber attacks were the business risk most likely to keep them awake at night.
Want to hear what it’s actually like for a small business owner to experience a cyber attack? Don’t miss our conversation with Lance Rubin, founder of financial modelling consultancy Model Citizn, as he talks about how a cyber attack left him reeling – and how his business managed to avoid catastrophe.
WARNING: risks of fake invoice scams sky-rocket after smoke alarm data breach
Watchdogs are sounding the alarm over the possibility of surging invoice fraud, thanks to a major data breach. Cybersecurity researcher Jeremiah Fowler has revealed that Smoke Alarm Solutions – one of Australia's largest smoke alarm companies – left hundreds of thousands of customer documents exposed online for nearly three months without password protection.
The 762,856 documents total 107GB and include over 355,000 detailed invoices, inspection records, quotes and reports containing sensitive customer information like names and email addresses. The researcher warns the data was "very likely" accessed by malicious actors, as the unprotected database provided fodder for scams like phishing attempts that impersonate the company.
FBI says a record $12.5b was lost to cybercrime in 2023
The FBI’s Internet Crime Complaint Center (IC3) revealed that cybercrime losses reached $12.5 billion last year, a whopping 22% increase from 2022's already dizzying total.
According to its latest Internet Crime Report, IC3 says it received more than 880,000 cybercrime complaints in 2023, up 10% from the prior year. The report highlights business email compromise (BEC) as one of the costliest types of cybercrime, totalling $2.9 billion in losses in 2023.
This is a huge concern for finance leaders since BECs are one of the most common tactics used against finance and AP teams.
Across Eftsure’s database, we’ve seen increasingly sophisticated BEC tactics, including malicious actors infiltrating both the target organisation and its vendor. From there, they'll construct lengthy, organic-looking email chains and communications. AI is turbo-charging these tactics, with invoice swapper tools helping scammers scale their efforts and complex deepfakes deceiving staff into making fraudulent payments.
Dozens arrested in takedown of cybercrime platform
An international police operation has led to the arrests of five Australians and 32 others globally. As part of a 10,000-member criminal community, perpetrators used the LabHost phishing platform to create fake websites impersonating banks, governments and major organisations.
The platform enabled users to distribute phishing emails and texts to victims, tricking them into giving up personal data. In other words, it was a cybercrime-as-a-service platform, removing hurdles for threat actors and facilitating the exact type of attacks that are most commonly used against businesses’ finance employees.
The operation took down LabHost's domain and 207 phishing sites, with Australian arrests involving over 200 officers executing 22 search warrants across five states.
Founder Model Citizn || Co-founder EXL Cloud || Providing fractional and interim CFO support) Assisting relevant, informed and purposeful business decisions with Insight
7 months
This is the conversation many don’t want to have and I’m glad I got the chance to share it publicly. Your own small business (my business) is never too small to ignore it. Thanks Eftsure and Shanna as a great host for this chat.