Cyber crime

Cyber Security Awareness Month 2022

photo of niek dekker
Niek Dekker
6 Min
cyber-security-awareness-month-2022-Australia

Cyber security awareness month is an initiative where government agencies and private industries collaborate to raise national cyber security awareness month every October. The month is dedicated to sharing resources to educate business leaders and IT decision-makers on the new threat landscape, implementing best practices and fraud-tackling strategies.

Cyber.gov.au announced the first week’s theme is ‘Have you been hacked?‘ With the recent Optus data breach, consumers are worried whether their information can be used against them to commit payment fraud or if fraudsters are potentially going to carry out further attacks on other businesses.

This blog explores how to detect warning signs if you suspect your sensitive information has been compromised.

How Do I Know If I’ve Been Hacked?

With the current threat landscape rapidly evolving, sophisticated cyber criminals are targeting businesses from all angles. It is crucial that you stay aware and up to date on the types of techniques fraudsters to identify if your organisation has been compromised.

Sometimes, a data breach can be obvious. Other times, it is more deceptive. Here are key indicators to look out for:

1. Unauthorised Transactions & Bank Activities

It is no surprise that most cyber criminals’ main motivation behind their attacks is financial gain.

One clear indicator to know if your business has been infiltrated is if you identify unauthorised transactions and unusual bank activities. It may be obvious to spot that large funds have disappeared from your business account.

However, for SMEs, it could be unknown that a hack took place if perpetrators discreetly withdrew insignificant amounts. If you suspect your financial information has been compromised, there are a few things to look out for:

  • Duplicate payments
  • Suppliers with cancelled or returned checks
  • Abnormal invoice volume activity
  • Rounded invoice amounts
  • Transferring funds to an unknown BSB and account number
  • Unknown created business accounts

Accounts payable (AP) departments should ensure that all transactions are visible and transparent to minimise the risk of payment fraud. A good tip for organisations is to conduct external audits annually to detect and eliminate fraud such as false billing schemes, expense reimbursement schemes and check tampers.

2. Unusual Account Behaviour or Suspicious Logins

Another indicator is if you identify unusual account behaviour on accounts like unusual granted permissions or unknown users. For instance, you might not be able to access your ERP account, bank account, invoicing software or email account using your username and password.

The tactic behind the attack is to gain access to sensitive files including personal information, phone numbers, credit card details or email addresses while locking you out to restrict your access.

If the information has landed in the hands of the attacker, they may attempt the following:

  • Business identity theft
  • Defraud your organisation
  • Commit Ransomware to return stolen data
  • Sell data on the dark web
  • Share data with other dangerous organised criminals

Organisations should be quick to act if they have been compromised. If you fall victim to a data breach then it’s crucial you act immediately and follow your data breach response plan.

3. Unexpected Software Installs & Malware

Another sign of a data breach is if you identify any unexpected software installed on your work device such as laptops, tablets or mobile devices. This is referred to as potentially unwanted program (PUP) which includes spyware, adware, or keyboard loggers.

PUPs typically appear when downloading a new program and going through the installation process impulsively. In addition, malicious software (malware) is a continuous method attackers use to infiltrate your organisational network through fake email attachments or visiting a fraudulent website.

Malware is a notorious method that can be delivered in several forms depending on the intention of the hacker who orchestrated the attack. Malware types include:

  • A computer virus designed to reproduce itself and spread across files or programs
  • A Trojan horse design to damage, disrupt, steal or in general inflect harmful action on your data or network
  • Much like a computer virus, a computer worm that spread across networks as opposed to a virus that spreads across files

Why Do People Hack?

Cyber criminals have various motives as to why they commit fraudulent activities. To reinforce this, organisational data is valuable information to criminals. This means that organisations of all sizes can be potential targets for falling victim. We explore five primary reasons why fraudsters target enterprise businesses:

Financial Gain

It is no surprise hackers’ primary motivation is to defraud your organisation through payment fraud schemes. Hackers will often target small-to-medium enterprises due to the lack of sophistication in cybersecurity controls of the business. The effort involved in targeting SMEs is minimal, having cyber criminals work less to achieve the same level of cyber attack.

For organisations, severe consequences that occur in the aftermath of a cyber attack. For instance, once a cyber criminal has infiltrated your organisation’s network or deceived your AP’s department, they may generate duplicate credit cards or steal the identities of victims to sell on the dark web.

Vulnerability Scanning

Another objective for cyber attacks is vulnerability scanning. This act involves hackers identifying security vulnerabilities by inspecting potential entry points that they can exploit on a computer or network.

Unlike penetration testing, vulnerability scanning allows criminals to plan & target low-hanging fruit because of the lack of education and resources of an organisation. As a result, this tactic can lead to business identity theft, malware or ransomware.

Religious, Political or Social Beliefs

Hacktivism is the act of hacking or infiltrating a network system with religiously, politically, or socially motivated purposes. According to Cyber.gov.au, hacktivists may target organisations using techniques aimed to cause disruptive or destructive harm. This can result in collateral effects on organisations beyond the primary intended targets.

Primarily hacktivism is carried out by an individual or group’s perception of what they consider to be fair or unjust. An example of a real-world hacktivist group is identified as “Anonymous.”

Anonymous is behind some of the largest hacktivist attacks in history, with 2022 seeing the group declare cyberwar on the Russian Ministry of Defence. Despite government efforts, organisations should be aware of hacktivists and the business disruption they may bring.

Espionage

Corporate espionage, also known as industrial or economic espionage, is a form of espionage conducted for commercial purposes. The purpose of corporate espionage is to achieve a competitive advantage in the marketplace by performing improper or unlawful theft of trade secrets or other knowledge.

Both governments and private organisations can be victims of espionage however, the motivation behind the hacker to commit espionage is dissimilar. Typically, governments are compromised due to state secrets whereas private organisations are compromised to seek trade secrets.

CFOs Must Take Ownership of Their Cyber Crime Strategy

With the increased cyber security threats landscape involving deep fakes, business email compromise and malware, CFOs must be involved in every stage of their organisation’s internal cyber security conversations, planning and execution.

During this year’s cyber security awareness month, AP departments can increase their security awareness training so that they are more equipped to identify potential attacks and respond with the appropriate action.

Taking a step further in strengthening security controls and staying secure online is having Eftsure sitting in your accounting function. You can identify errors, fraud, and fraud attempts before releasing funds by verifying the bank account name, BSB and account number.

The Essential Cyber Security Guide for CFOs
Understand the full range of cyber threats facing the modern CFO.

It's the critical information you need to stay one step ahead of cyber criminals and prevent your organisation becoming a victim.

Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.