Corporate Treasury is top target for cybercriminals

Corporate treasury is a top target for cyber-criminals. Treasury’s trove of personal
and corporate data, its authority to make payments and mover large amounts of
cash and its often complex structure make it an appealing choice for cyber
criminals, a survey by the Economist Intelligence Unit and Deutsche Bank
revealed.

“Sophisticated cyber-criminals often use social engineering and inside information
to execute high-value thefts via corporate treasuries”, said Michael Spiegel, Head
of Cash Management at Deutsche Bank. “Our research has identified serious
gaps in corporate defense, including vulnerabilities hidden with third parties and
their subcontractors. This gives cyber criminals the opportunity to steal data.”

Since an increasing number of treasuries have outsourced their back office and
payment factory processes to shared services and, treasury departments are
particularly vulnerable. The risk posed by insecure third parties is particularly high.

According to the research almost every fifth company (19 percent) doesn’t check
whether their suppliers use the same methods for identity authentication as they
do. “This leaves an open door for fraud”, according to Spiegel. Often, companies
and suppliers don’t coordinate regulatory and compliance rules. Nor do they
always ensure that information security requirements which apply to third parties
are also extended to their subcontractors. Even though almost all companies in
the survey performed internal penetration testing (92 percent), one-third of
companies (33 percent) do not conduct external testing. Only 38 percent of
companies require all of their third parties and suppliers to perform penetration
testing.

Sectors with the lowest percentage of authentication testing are, according to the
research, manufacturing (43 percent), Agriculture and agribusiness (38 percent),
Energy and Natural Resources (32 percent), Construction and Real Estate (31 percent) and Professional Services (25 percent).