Cyber Brief for CFOs: June 2024
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
EOFY brings fresh tax scams and cyber risks
The end of financial year typically carries extra admin for finance professionals – which can mean less time and more stress. Scammers understand this all too well and typically look to capitalise on the bigger workloads of time-poor AP teams. Fraud attempts tend to spike as we lead into this busy period – and those in the public sector, including councils and healthcare organisations, seem to be targeted more heavily this year.
Unfortunately, the spike in attempts isn’t confined to Eftsure’s customer base. There are numerous media reports about the tax scams targeting individuals and businesses alike, including a throw-back flagged by Bendigo Bank in which scammers ask customers to open HTML files attached to emails. Experts have warned that small to medium-sized businesses are especially at risk since they often have smaller headcounts and fewer resources to minimise the demands of a hectic EOFY period.
Keep your business safe this year by learning how to spot the signs and know the latest tactics:
600m records exposed in Ticketmaster, Santander breaches
Two global companies, digital ticketing giant Ticketmaster and leading commercial bank Santander, were hit by major data breaches that appear to be linked to cyber attacks targeting the same cloud data platform, Snowflake. As the source of the breach remains unclear – Snowflake denies a breach – the damage is likely far from over.
With 590 million data records exposed between the two incidents, these recent breaches serve as a stark reminder for finance leaders that security threats lurking in your software supply chain can often prove the most deadly, giving rise to financial scams in the aftermath.
Anti-scam ‘intel loop’ to facilitate faster information sharing between sectors
The Australian Financial Crimes Exchange (AFCX) and National Anti-Scam Centre (NASC) have co-designed an anti-scam intelligence loop (“intel loop”), a system that allows faster sharing of verified scam information between agencies, banks, telcos, internet providers and social media companies.
Participants can submit details like scam phone numbers and URLs to have them blocked across the loop. The shared data enables faster action against cybercrime tactics, like phone or SMS scams, fake websites and fraudulent ads. The loop will phase in broader information sharing, starting with a focus on SMS phishing scams.
Moody’s Ratings: cyber risks may erode businesses’ creditworthiness
Cyber attacks pose a growing risk to company creditworthiness, according to credit rating agency Moody's Ratings. The costs from attacks – including business interruption, ransomware payments and legal settlements – can lead to serious issues like loss of customers and broken revenue flows. This can strain liquidity and raise debt costs, while litigation and regulatory fines may further harm credit quality over time.
While cyber attack disclosure requirements appear to be improving data availability, over a third of organisations operated with known exploited vulnerabilities last year. According to Moody’s analysis, cash-strapped, highly leveraged companies are most susceptible, whereas diversified firms with ample liquidity are better insulated from cyber incident credit impacts.
Survey: CFOs less likely to control cybersecurity budgets
A survey by consulting firm RSM US found that chief technology officers (51%) or security officers (42%) are more likely to control their organisations’ cybersecurity budgets, rather than chief financial officers (34%).
It’s a significant data point since cyber risks and measures for defending against them aren’t cheap. In fact, the average annual security center operations budget for large corporations sits around $14.6 million USD, according to a KPMG survey. RSM's security lead said CFOs technically control all budgets, but giving CFOs greater oversight of cybersecurity spending can better align it with overall strategy versus simply adding to the tech stack.
As the gatekeepers of their organisations’ finances, CFOs and their teams are popular targets for cybercriminals. If finance leaders aren’t involved in designing and driving security procedures, it can create gaps between tech teams and finance teams – gaps that scammers and fraudsters are more than happy to exploit.
ASIC gets funding for new threat intelligence platform, inherits Australia Business Registry platforms
The Australian Securities and Investments Commission (ASIC) will implement a new cyber threat intelligence platform after receiving federal funding in the recent budget. Part of the allocated $206.4 million will go towards improving threat detection capabilities, according to ASIC chair Joseph Longo.
Longo said the investment is critical for making the agency more data-informed and exploring emerging technologies like AI and machine learning. ASIC has also received funding to “stabilise” the legacy Australian Business Registry platforms it inherited from the Australian Taxation Office in May 2024.