Treasury & cash management
payments processing, and the maintenance of repetitive payment instructions. As digital transformation continues to reshape the finance function, there is potential for bad actors to exploit any vulnerability in the network, and the human link in the chain is often seen as the weakest. “Treasurers are often the keepers of all treasury knowledge, which is clearly both a strength and weakness,” says treasury expert David Faller, an adjunct lecturer in professional studies at Northwestern University, and senior vice president of capital markets at Associated Bank. “As they have the authority to initiate activities like wire transfers and have links into all the connecting internal and external systems, saving passwords or, worse, a single sign-on (SSO), hacking into this account can quite literally give you the keys to the banking and finance car,” Faller continues. “Mitigation through dual authorisation can help but, in reality, hacking into a treasurer’s accounts opens a potential treasure trove of access.”
Close the purse strings
Cybercrime is a lucrative business. Indeed, the World Economic Forum estimates that the direct damage from cybercrime cost the world $6.3trn in 2021, equating to 6.3% of the total global economy. Lured by such huge profits, cybercriminals will inevitably keep on finding new and ingenious ways to break into a victim’s virtual vaults. Furthermore, hackers seem happy to target businesses across all industries and of all sizes. PwC’s ‘Global Economic Crime and Fraud Survey 2022’ shows that cybercrime is the main cause of fraud in industrial manufacturing, the public sector, health, technology, telecoms and many other sectors – and is a close second to customer fraud in several others. For companies of all sizes, the survey showed that cybercrime was the cause of around one-third of all fraud experienced. Understandably, the perception of risk is growing, not least because of the growing number of successful data hacks, phishing attacks and ransomware operations.
For his part, Faller notes that the vulnerability of treasurers is something that companies – and treasurers themselves – generally recognise, even if cybersecurity is sometimes seen as a mere IT issue. Certainly, the information security team should play a major role in securing the network, and the firewalls around specific systems should not be within the remit of the treasurer, but cybersecurity is nonetheless a matter for everyone within any given organisation.
“Both the treasurer and the information security team have important roles,” Faller says. “IT will understand the tech architecture and environment, but treasurers will understand how the systems
Finance Director Europe /
www.financedirectoreurope.com
interlink to the external world in a deeper way than the average IT executive. I would see them both as having complementary and necessary roles.” Treasurers are working more closely with cybersecurity personnel to standardise policies and – though their risk profile has grown and they have become more visible on the radar of cybercriminals – that collaboration means the situation is far from hopeless. Among other things, the process of digital transformation across large organisations is moving them away from inflexible legacy systems that have a number of inherent vulnerabilities. Yet if there are plenty of proactive measures that treasurers can take to keep their operations secure, they must first ensure they fully understand the nature of the threat. “Treasurers need to understand that cyber risk can take many forms,” Faller says. “Most focus on the risk to their firm but hacking into firm A can be a conduit to Firm B. Say a hacker gets into the systems of a smaller firm A – which is most likely relatively easy – and Firm A has a business relationship with a large firm, B. By accessing A’s systems, they can gain valuable information on things like payment details or billing schedules that might be used to divert payments, generate false invoices and so on.” “It’s also important to remember that all hacking issues are not the quick, one-shot smash and grab style of theft,” Faller adds. “There can be slow- burning hacks that fly under the radar because they don’t generate individually significant thefts, but over time, these amounts can be significant. To address this, treasurers need to start thinking like hackers.” To think like a hacker, treasurers must, among other things, understand the routes into their systems – and pay close attention to those systems and processes that could result in the most valuable hauls.
37% Munich Re
The percentage of executives in the US concerned about a cyberattack on their company.
“Treasurers are often the keepers of all treasury knowledge, which is clearly both a strength and weakness.”
Once again, individuals are often the weak link here. Cybercriminals often find their way into a network through compromising a person with access, stealing passwords, infecting a device they might connect to the network or exerting pressure on them to disclose sensitive information. That is an issue that is harder to contain, but one which treasurers must ensure they are keenly aware of. “It is difficult to mitigate that risk because it just takes one person to drop their guard and the door opens,” says Faller. “System monitoring, compartmentalisation, and strong cyber defences are great but they can be defeated by a single action by a human. It is a constant struggle.”
31
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45
