Finance

Dealing with the growing threat of cyber-security for treasurers

Kehinde Dabiri, CEO

7 December 2022 | 1:11PM GMT

Cybersecurity is one of the most common issues confronting corporate treasurers around the world. The AFP Payments Fraud Survey, underwritten by J.P. Morgan, surveyed nearly 700 treasury and finance professionals in 2018 and discovered that 78% were victims of fraud in 2017. Because of the high volume of funds managed by the department, hackers and cybercriminals regard corporate treasury as a prime target.

These attacks have become more common and sophisticated in recent years, stealing not only company funds but also sensitive data or, in extreme cases, shutting down a company's financial system for ransom or to promote a geopolitical agenda.

Companies are more vulnerable than ever before as a result of increased digitization and reliance on a wide range of IT systems. This has resulted in changes in business models and methods of work. The global pandemic has led to a rise in remote working, which has increased the risk of cyberattacks for companies because more people are now working from home or in environments that are not best suited to best-in-class cybersecurity software or protection. Treasurers are now exposed to greater risk and must exercise greater caution when initiating payments and managing data flow.

Treasurers must consider new and improved methods to keep their company safe from hackers as the digital age evolves. A good first step is to adopt a defense-in-depth cyber security posture, which involves deploying cyber security controls at different stages of operations based on the risk assessment. Besides this, at Ceviant, we carry out Penetration Test (PENTEST) on all internal and external infrastructure that supports our treasury applications. PENTEST simulates real-life attack scenarios and attempts to exploit vulnerabilities in our infrastructure and applications; as a result, security controls are implemented to reduce the risk of cyber-attacks.

How can Fintech support treasury and finance departments tackle cybercrime?

In-depth risk management and regulatory compliance are key to tackling security threats. The issue of security is a shared concern across all sectors and must be addressed as early as possible. Treasurers and corporates are increasingly mindful of the systems they integrate with and of the vendors they work with. A lot of these solutions are provided by Fintech companies. It, therefore, helps for fintechs to implement and comply with requirements provided by standard organizations and regulators. A series of ongoing network security and data security audits are necessary for the maintenance of licenses and certifications. This helps reassure treasurers that are skeptical about adopting technology because of the fear of security.

There are also other regulators and regulatory requirements like obtaining a license which involves a series of audits

Therefore, it is important for fintechs to demonstrate that their networks are fraud-proof and compliant while showcasing what they have been able to achieve in terms of security and adopting global standards.

Today, there are numerous ISO certification standards including :

ISO 27001:2022 – Information Security Management Systems Certification

ISO 22301: 2019- Business Continuity Management System Certification

ISO 27701:2019-- Privacy Information Management Systems Certification

ISO 20000-1-- IT Service Management Systems Certification

ISO 28000:2007- Supply Chain Security Management Systems Certification

These standards specify guidelines that companies need to adopt to ensure security of financial information and data while conducting transactions across multiple payment rails.

What sectors are more prone to cybercrime?

According to Verizon's 2019 Data Breach Investigation Report, 43% of cyber-attacks were directed toward small businesses. The most common attack vectors to small businesses are phishing and malware.

According to IBM Security, the healthcare sector has had the highest average cost of a breach for 12 years consecutively. Between 2017 and 2019, more than 90% of all healthcare organizations have reported at least one security breach which can manifest in a denial of service, malicious code, ransomed data, and more.

The energy and infrastructure sectors are also highly targeted. S&P Global Platts, the energy and infrastructure sector emerged as the biggest target for hackers and cyberattacks, accounting for a third of all incidents in 2017. In 2021, an attack by hackers on Saudi Aramco, the world’s largest single exporter of crude oil, involved a data leak and an attempt to extort $50 million from the state-controlled oil producer.

With attacks on the rise, what can treasuries do to stay secure?

The key is to remain compliant with regulation and robust internal control policies. It is important for corporate treasurers to ensure their controls, systems and processes are fully aligned with industry regulations and standards. If controls are inadequate, greater risks and the possibility of fraudulent activity can arise.

Finance and treasury departments must invest in robust treasury technology to minimize the risk of cybercrime. A treasury management system (TMS) is a key tool in the treasury department’s world, and essential to managing the company’s cash positions and risk management.

If a company is not running a fully functional, regulated and compliant TMS, with updated security and infrastructure, there is a strong chance that the system is at greater risk of being exploited.

Cyber-criminals usually target software vulnerabilities, which makes older versions far more vulnerable to cyber-threats. We work with our clients not only to integrate their treasury and finance management solution on our secure and highly regulated platform, but also educate them to strengthen their internal systems to enable comprehensive protection.

ISO 20022 and the future of payments

ISO 20022 is a globally adopted standard for financial messaging that is changing the way payments are made and processed. Developed by the International Organization for Standardization (ISO), the standard aims to increase efficiency and reduce costs within the financial industry by enabling the exchange of structured data between financial institutions and corporates.

Efficient Cash Management for Law Firms with Ceviant

Examining the common cash management pain points that law firms face and how Ceviant's solutions can help mitigate them.

Making International Payments Easier, Faster and More Secure with SWIFT GPI

How Ceviant uses SWIFT gpi to make international payments swift, secure, and easy.

The Future of Banking is Open

Open Banking allows third-party access to multiple bank accounts via APIs, giving banks new ways to add value and enabling competition from small players. Across the EMEA, open banking initiatives create standards which banks must meet, making it the future of banking.

Dealing with the growing threat of cyber-security for treasurers

Treasurers are responsible for the financial health of their organizations, and they must now take greater care when initiating payments and managing data flow. They need to be aware that every payment, whether it is a cash transaction or an electronic transaction, carries with it the risk of fraud. The pandemic has forced businesses to rethink their operations, which is why it’s so important for treasurers to keep up-to-date with the latest trends in technology, security and compliance.

Advancing the Treasury function with technology

Treasury departments are under pressure and must adapt to rapid technological advancement. Managing multiple liquidity pools, streamlining numerous payment types and maximising value are some of the treasury division's pressure points. With the rise of APIs and the inevitable shift to a digital-first approach, treasurers need to embrace change. This attitude has been further accelerated by the Covid pandemic and remote working, forcing institutions to reprogramme their business processes and workstreams.

Easing Bank Connectivity with Fintech Innovations

Looking at the evolution of banking systems in Nigeria, it is clear there are specific services that banks in Nigeria are already offering, such as providing access to accounts and e-wallets. However, beyond creating accounts for customers, banks are often unable to effectively provide innovative value-adding solutions to customers because of a lack of technological expertise. This is exactly where fintechs fit in.

How treasury fintech is changing the way companies in Africa navigate cash management

There are several challenges for companies in Africa with regard to managing cash but fintech is developing solutions fast to help businesses address these challenges.

Banks and Fintechs: Collaboration Not Competition

Some Nigerian banks may resist fintechs because they regard them as competitors who are taking away their customers, but fintechs have a duty to explain to them that this is not the case. Banks have the banking infrastructure which is effectively complemented by fintechs’ IT solutions. Fintechs essentially help deepen the relationships that banks have with their customers by providing complementary services. Fintechs are not banks because they do not hold funds. Customers’ accounts are held in and managed by the banks and the flows through the accounts remain there.

The LEI Future - eliminating data duplication for clients and businesses

The LEI future eliminates unnecessary data duplications for clients and financial institutions. Legislators have increasingly called for greater transparency in domestic and especially international financial transactions in recent decades. This is due to the need to curb crime, notably terrorist financing and money laundering. The regulatory environment has progressively extended the list of information that must be collected and stored about customers to achieve this.

Why APIs are essential to enterprise payment optimisation

Application programming interfaces (APIs) help consolidate enterprise payments and reduce the need for third-party intermediaries.

Treasury Payments Reinvented

Streamlining payments into a simple and effective process can often be elusive to corporates. An ineffective payment system leads to inaccurate reporting, loss of valuable time and, ultimately, a distressed treasury department. These potential issues have been further amplified by the current business climate, where erratic supply chains and remote working environments have become the norm rather than an exception.

Tags

cybersecurity
Payment
cybercrime