skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Find ANZ Contact
Find ANZ Contact
Article related to:

Financial Institutions

Cybercrime: The Darker Side of Digital Disruption

2016-05-31 16:16

FOREWORD

WITH BUSINESS AND CONSUMER INTERACTIONS MOVING TO DIGITAL FORMATS, THERE IS A WORLD OF OPPORTUNITIES BEFORE US. UNFORTUNATELY, THIS ALSO BRINGS INCREASED RISKS AND VULNERABILITIES FOR ORGANISATIONS REGARDLESS OF THEIR SIZE, INDUSTRY OR LOCATION.

Digital development is making it very easy for others to intercept many aspects of people’s professional and personal lives. It is no surprise that banks and corporates are ready targets for cybercrime, and we must continue to work together to prevent and mitigate the impacts of cybercrime.

At ANZ, we are committed to preserving the trust that our clients have in the quality and security of our banking services. As a corporate treasurer, we know the essential role you perform in managing risks within your organisational environment.

This guide ‘shines a light’ on ways you can keep your organisation safe and secure. Together with the robust security practices we implement to help protect our clients, it aims to minimise the chance of your organisation falling victim to cybercrime.

KEY TAKEAWAYS

  • Cyber criminals exploit any weakness in an organisation’s people, process or technology infrastructure.
  • Using humans to infiltrate organisations is a common factor in most current cybercrime attacks.
  • Effective processes together with a risk management approach are crucial.
  • Organisations benefit from a multi-layered risk management strategy – ‘defence in depth’.
  • The agility to know, control and adapt to new cyber threats will differentiate the strong from the weak.
  • Cyber resilience plans are essential – expect cyber disruption and prepare to deal with it while continuing to operate your business.

"CYBERCRIME IS NOW A BUSINESS IN EVERY RESPECT, WITH SERVICES THAT MIRROR THOSE OF MULTI-NATIONAL ORGANISATIONS INCLUDING CUSTOMER SUPPORT AND TECHNICAL HELPLINES TO ENSURE THEIR CRIMINAL PRODUCTS AND SERVICES WORK AS INTENDED."

HOW DO ATTACKS TAKE PLACE?

Methods used by cyber criminals are constantly evolving. They are too varied and numerous to list here. However, here are some of the most common methods.

Social engineering

Social engineering involves targeting an individual to facilitate the fraudulent transaction or data breach.
 

Malicious software

Malicious software or ‘malware’ involves tricking individuals into opening infected files so that the cyber criminal can either introduce spyware, ransomware, viruses, trojans or any type of malware that would allow them to gain access to data, devices or systems.
 

Existing system vulnerabilities

Cyber criminals often rely on known, but unpatched exploits, to gain access to IT systems to commit their crimes. Unchanged default root passwords are easy pathway into corporate IT systems.


 

KEY CONTROL CONSIDERATIONS FOR TREASURERS

People

Invest in staff awareness on cyber risks and in particular new social engineering and phishing techniques. Your staff are the first and last line of defence against cyber attacks.
 

Technology

Consider robust logical access controls, new system strengthening, network and endpoint firewalls, up to date malware and anti-virus protection, intrusion detection systems, regular patching, vulnerability scans and penetration tests.
 

Processes

  • Place cyber security on the agenda of senior executive and management meetings.
  • Maintain clear protocols on segregation of duties, and controls for the use of all technology including mobile/portable devices.
  • Ensure that only staff with the right responsibilities and security credentials has access to your systems and financial data.
  • Regularly monitor and update user access privileges.
  • Expect a cyber incident, plan for and practice your response and resolution to minimise the impact of a loss.
  • Consider strict procedures over all changes to customer/supplier bank details, key contacts and all other master data.
  • Ensure reconciliations do not just serve as a rubber stamp activity but detect and escalate a leakage in funds.

{CF_IMAGE}

{CF_IMAGE}

For a full set of relevant disclosures, please visit the link below.

View disclosures

Download the PDF

anzcomau:institutional/Financial-Institutions,anzcomau:institutional/Cyber-Crime,anzcomau:institutional/Transaction-Banking,anzcomau:institutional/Risk-Management,anzcomau:institutional/Asia-Pacific
Cybercrime: The Darker Side of Digital Disruption
2016-05-31
/content/dam/anzcom/images/institutional/migrated/heroimages/anz-institutional-telco-electronics-122_HERO420.jpg

Important information

This publication is published by Australia and New Zealand Banking Group Limited ABN 11 005 357 522 (“ANZBGL”) in Australia. This publication is intended as thought-leadership material. It is not published with the intention of providing any direct or indirect recommendations relating to any financial product, asset class or trading strategy. The information in this publication is not intended to influence any person to make a decision in relation to a financial product or class of financial products. It is general in nature and does not take account of the circumstances of any individual or class of individuals. Nothing in this publication constitutes a recommendation, solicitation or offer by ANZBGL or its branches or subsidiaries (collectively “ANZ”) to you to acquire a product or service, or an offer by ANZ to provide you with other products or services. All information contained in this publication is based on information available at the time of publication. While this publication has been prepared in good faith, no representation, warranty, assurance or undertaking is or will be made, and no responsibility or liability is or will be accepted by ANZ in relation to the accuracy or completeness of this publication or the use of information contained in this publication. ANZ does not provide any financial, investment, legal or taxation advice in connection with this publication.

Top