At a glance
Over the 2021-2022 financial year, the Australian Cyber Security Centre received more than 76,000 cybercrime reports, an increase of nearly 13 per cent on the previous financial year.
Now, the rapid proliferation of artificial intelligence (AI) tools is giving cybercriminals even greater capabilities to infiltrate systems, craft phishing messages and impersonate trusted contacts.
The bottom line? Fraud attempts will get harder to detect, and organisations’ finances will be more vulnerable than ever.
Protecting your organisation starts with the right people, processes and technology, says Mark Chazan, CEO and co-founder of Eftsure, a leader in fraud detection and payment protection.
Educate, test, repeat
For Chazan, a strong anti-cybercrime posture starts with culture.
“From the top of the business down to every employee, you have to have a culture of doing everything securely,” he says.
Second, he encourages continually educating your people alongside regular pressure testing.
“Constantly refresh staff with new educational content,” he says. “And test the company – for example, send out a fake phishing email to see who clicks on it and who doesn’t.”
Robust financial controls also mitigate risk. This includes establishing systems based on the principle of “least privilege”, whereby people only have access to the data and applications they need to perform their job – and establishing a process so that more than one person approves and checks transactions above a certain value.
This is vital because, as Chazan points out, we have reached the point where no incoming email or phone call can be trusted.
“Everything that comes in via email has to be verified,” he says, urging businesses to, at a minimum, use callback controls to verify banking details with suppliers before making payments – especially if those details have changed.
“Ask the right questions. Don’t just ask them to confirm that their details have changed; confirm what they’ve changed to, in case a fraudster intercepts the call,” he says.
Train your staff on conducting these checks and asking these questions – for instance, they should not call the phone number shown on the invoice, and they should not perform checks by email.
Invest in the right tech stack
Chazan says technology-enabled solutions are critical, too.
Ideally, this includes a collaborative approach to cyber security, leveraging multi-factor verification and a trusted network of other organisations.
Chazan uses Eftsure’s solution as an example.
“When Eftsure detects a fraudulent account in one customer’s data, we blacklist it in the [Eftsure] system, ensuring no other Eftsure customer will ever make a payment to it.
“If you’re fighting on your own, no matter how strong your security controls are, you really are alone. As part of a network, you’re much more protected, as each member is helping to protect every other member.”
Lastly, the right technology can mitigate the vulnerability that scammers are most likely to exploit: human error.
Payment fraud tactics tend to rely on employees skipping a step or making a mistake. However, technology adds an automated layer of security.
“Like anything in cyber security, nothing is a panacea on its own, but this is another brick in the wall to defend yourself,” says Chazan.