Source: Deutsche Bank
Corporate treasury is a top target for cyber-criminals. Treasury’s trove of personal and corporate data, its authority to make payments and move large amounts of cash and its often complex structure make it an appealing choice for cyber criminals, a survey by the Economist Intelligence Unit and Deutsche Bank revealed.
“Sophisticated cyber-criminals often use social engineering and inside information to execute high-value thefts via corporate treasuries”, said Michael Spiegel, Head of Cash Management at Deutsche Bank. “Our research has identified serious gaps in corporate defense, including vulnerabilities hidden with third parties and their subcontractors. This gives cyber criminals the opportunity to steal data.”
Since an increasing number of treasuries have outsourced their back office and payment factory processes to shared services, treasury departments are particularly vulnerable. The risk posed by insecure third parties is particularly high.
According to the research almost every fifth company (19 percent) doesn’t check whether their suppliers use the same methods for identity authentication as they do. “This leaves an open door for fraud”, according to Spiegel. Often, companies and suppliers don’t coordinate regulatory and compliance rules. Nor do they always ensure that information security requirements which apply to third parties are also extended to their subcontractors. Even though almost all companies in the survey performed internal penetration testing (92 percent), one-third of companies (33 percent) do not conduct external testing. Only 38 percent of companies require all of their third parties and suppliers to perform penetration testing.
Sectors with the lowest percentage of authentication testing are, according to the research, manufacturing (43 percent), Agriculture and agribusiness (38 percent), Energy and Natural Resources (32 percent), Construction and Real Estate (31 percent) and Professional Services (25 percent).