Combatting Treasury Fraud - HSBC

Combatting Treasury Fraud:

External forces changing the cybercrime and cyber-fraud landscape

HSBC View

Welcome

"Cyber threats that were previously unthinkable are now daily news"1. With the threat to treasury teams continuously morphing, finance professionals need to be well prepared. We partnered with Celent to explore this topical issue and have discovered that many treasury teams are not as prepared as they need to be.

The report highlights that a full 77% of organisations have not yet identified a cyber scenario that could affect them and over one third (37%) do not have an understanding of their exposure to cyber risk. To complicate matters, the research emphasises the key risk that all treasurers must grapple with: that cybercrime and the cyber fraud landscape is constantly shifting with an ever-growing range of attack mechanisms and increasingly sophisticated tools.

Two attack vectors in particular stand out: the use of ransomware and the rise of treasury fraud. Both are explored in this report, including specifically, how business email compromise and internal fraud remain key threats to treasurers.

As custodians of an organisation's cash, treasurers have a key role to play in the fight against cybercrime. By being strategic about this issue, treasurers can go a long way to mitigating the threat. To help you, the report highlights some of the best practices that treasurers should adopt, including taking a risk based approach, better using technology and education and the role of insurance.

I hope you find this an informative read.

Nadya S Hijazi

Global Head of Digital, Global Liquidity & Cash Management and Business Banking, HSBC

The report highlights that a full 77% of organisations have not yet identified a cyber scenario that could affect them.

As custodians of an organisation's cash, treasurers have a key role to play in the fight against cybercrime.

1 Marsh & McLennan Cyber Handbook, 2016

COMBATTING TREASURY FRAUD

EXTERNAL FORCES CHANGING THE CYBERCRIME AND CYBERFRAUD LANDSCAPE

NOVEMBER 2017

Patricia Hines, CTP

This report was commissioned by HSBC Bank Plc. ("HSBC") at whose request Celent developed this research. The analysis, conclusions and opinions are Celent's alone, and HSBC had no editorial control over the report contents.

CONTENTS

INTRODUCTION.............................................................................................................. i THE CYBERCRIME AND CYBERFRAUD LANDSCAPE ............................................... 1

FOCUS ON RANSOMWARE............................................................................ 3 FOCUS ON TREASURY FRAUD...................................................................... 3 FIGHTING BACK: WHO IS DOING WHAT? ................................................................... 7 BEST PRACTICES ......................................................................................................... 8 TAKING A RISK-BASED APPROACH.............................................................. 8 LEVERAGING TECHNOLOGY ......................................................................... 9 MINIMISING RISK........................................................................................... 10 THE PATH FORWARD ................................................................................................. 12 APPENDICES ............................................................................................................... 14 ABOUT OUR RESEARCH ............................................................................................ 17 USING SEASONED PROFESSIONALS......................................................... 17 AN UNPARALLELED NETWORK................................................................... 17 ROBUST RESEARCH METHODOLOGY AND INDEPENDENCE ................. 17 RELATED CELENT RESEARCH.................................................................................. 18

? CELENT

"The cyberthreats that many companies previously considered to be unthinkable are

now"Thdeaiclyybneerwthsre. aTtos athvaotidmabneycocmominpganaineostphreervhioeuasdlylinceon, soirdgearendizatotiboensunmthuisntkapbrelepaarree for thenwowordsat i--ly ninecwlsu.dTinogatvhoeidubnethcoinmkainbglea.n"1other headline, organizations must prepare for

the worst -- including the unthinkable."1

INITNRTROODDUUCCTTIOIONN

Many treasurers are tasked with understanding and mitigating cyber-risks. That is due in part to the Many treasurers are tasked with understanding and mitigating cyber-risks. That is due in part to the

factfatchtatthcaot rcpoorpraotreatteretraesausruerresr'sr'eressppoonnssibibiliiltitieiess hhaavvee eexxppaannddeeddssigignnifiifcicaanntlytlyininrerceecnetnyteyaersartos tinocilnucdleude mamnaagneamgeemnet notf othf ethceocmompapnayn'ys'scocommpplelexxrrisiskkss,, rreegguullaattoorryyoovveerrssigighht,t,aannddtretraesausruyrtyectehcnhonloogloy.gy. TreTarseuarseurrsearslsaolshoahvaeveulutimltimataetereressppoonnssibibiliiltityyffoorr mmaannyy ooff tthheeaarreeaassmmoostsct ocmommmonolynltyartgaergteedtebdyby cybceyrbcerirmcriinmainlsa,lsin,cinlucdluindgingcacsahshbbaalalanncceess,,gglloobbaall bbaannkk ccoonnnneecctitvivitiyty, ,hhigighh-v-avlauleuepapyamyemnetsntpsropcreoscseisnsgi,ng, andanmdaminateinnteannacnecoeforferpeepteittiivtieveppaayymmeennttininssttrruuccttiioonnss..

8822%%ofotfretraesausurerersrsccitieteddccyybbeersecurityyaasstthheeirirnnuummbbeer ronoenecocnocnecrenr2n 2

TheThtreeatrseuarsyuraynadnfdinfainnacneceprporfoefsesisoionnaalslswwhhoorreespondedd ttootthheeAACCTT's'saannunaulaslusruvrevyecyitceidted

"cyb"ceyrbseercsuerciutyr"itya"satshethireinrunmumbebreroonneeccoonncceerrnn((8822%%)),, ffoolllloowweeddbbyy"o"oththeer rgegoegorgarpahpichaiclaulnucnecrtearintatyinty exceluxdcliundginBgreBxreitx" i(t"69(6%9%), )a, nadndfinfinaanncciaial lmmaarrkkeettss vvoollaattiilliittyy ((6677%%))..WWitihthbbrereacahcehsesbebceocmoimnginmgomreore freqfrueeqnuteannt dansdesveevreer,eit,'sit'snonosusruprprirsiseeththaattttrreeaassuurreerrss aarree pprriioorritiitsisininggccyybbeersresceucruitryi.ty.

TheThreeproerptolortolokoskastahtohwowcocroproproaratetetrtereaassuurryyoorrggaanniissaattiioonnssccaanncceenntrtaralisliese, a, uatuotmomatae,tea,nadnsdtrsetarmealimneline mamnaagneamgeemnet,ntte, ctehcnhonloogloigeise,sp, rporocecesssseess,,aannddccoonnttrroollss ffoorr aassoouunnddeerraannddmmoroerererseilsieilnietnctycbyebrseercsuercituyrity

and cyberfraud framework. and cyberfraud framework.

1Go to Cyber Extremes: What to do when Digitalization Goes Wrong, Claus Herbolzheimer, MMC Cyber Handbook 2016, Marsh & 1Go toMCcLyebnenraEnxCtroemmpeasn:iWesh' GatlotobadloRwiskheCnenDtiegritalization Goes Wrong, Claus Herbolzheimer, MMC Cyber Handbook 2016, Marsh &

Mc2LTehnenBaunsiCneosmspoafnTireesa'sGulroyb2a0l1R7i,sAksCsoecnitaetiron of Corporate Treasurers (ACT), 2017

2The Business of Treasury 2017, Association of Corporate Treasurers (ACT), 2017

Chapter: Introduction

i

Chapter: Introduction

i

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download