Corporate treasurers have already taken significant steps to fortify their cybercrime defences. However, chinks in the armour of many treasury departments still remain – mainly in the form of third parties.
Indeed, according to research undertaken by the Economist Intelligence Unit (EIU), which surveyed more than 300 corporate treasury executives on their existing cybersecurity defence mechanisms, 19% of companies still do not check whether their suppliers use the same methods for identity authentication as they do. They have not, for example, asked whether suppliers have secure email systems to protect confidential information, or whether they offer the ability to check the IP addresses of log-ins to match them with preassigned, or “white-listed”, addresses.
Writing in Treasury and Risk, Dave Watson, Deutsche Bank’s Global Head of Digital Cash Products and Americas Head of Cash Management for Deutsche Bank’s GTB business, explains how such gaps leave the door open for imposter fraud, in which hackers attempt to manipulate payment instructions, either by posing as a supplier and sending fraudulent invoices or by altering the payment instructions of legitimate invoices in order to redirect funds to a different account.
For Watson, avoiding falling victim to such incidents is a matter of working with supply chain partners to jointly tighten security protocols. “Basic steps include ensuring third parties use a secure email system, including two-factor authentication (or equivalent) to verify that employees of the supplier are who they say they are. In addition, companies should check whether their suppliers track the IP addresses of those entering their treasury management or email systems.”
After all, a chain is only as strong as its weakest link.