Industry news

Cyber Brief for CFOs: June 2024

Shanna Hall
3 Min
Cyber Brief For CFOs Banner

Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.

EOFY brings fresh tax scams and cyber risks

The end of financial year typically carries extra admin for finance professionals – which can mean less time and more stress. Scammers understand this all too well and typically look to capitalise on the bigger workloads of time-poor AP teams. Fraud attempts tend to spike as we lead into this busy period – and those in the public sector, including councils and healthcare organisations, seem to be targeted more heavily this year.

Unfortunately, the spike in attempts isn’t confined to Eftsure’s customer base. There are numerous media reports about the tax scams targeting individuals and businesses alike, including a throw-back flagged by Bendigo Bank in which scammers ask customers to open HTML files attached to emails. Experts have warned that small to medium-sized businesses are especially at risk since they often have smaller headcounts and fewer resources to minimise the demands of a hectic EOFY period. 

Keep your business safe this year by learning how to spot the signs and know the latest tactics: 

Anti-scam ‘intel loop’ to facilitate faster information sharing between sectors

The Australian Financial Crimes Exchange (AFCX) and National Anti-Scam Centre (NASC) have co-designed an anti-scam intelligence loop (“intel loop”), a system that allows faster sharing of verified scam information between agencies, banks, telcos, internet providers and social media companies. 

Participants can submit details like scam phone numbers and URLs to have them blocked across the loop. The shared data enables faster action against cybercrime tactics, like phone or SMS scams, fake websites and fraudulent ads. The loop will phase in broader information sharing, starting with a focus on SMS phishing scams. 

Moody’s Ratings: cyber risks may erode businesses’ creditworthiness

Cyber attacks pose a growing risk to company creditworthiness, according to credit rating agency Moody’s Ratings. The costs from attacks – including business interruption, ransomware payments and legal settlements – can lead to serious issues like loss of customers and broken revenue flows. This can strain liquidity and raise debt costs, while litigation and regulatory fines may further harm credit quality over time. 

While cyber attack disclosure requirements appear to be improving data availability, over a third of organisations operated with known exploited vulnerabilities last year. According to Moody’s analysis, cash-strapped, highly leveraged companies are most susceptible, whereas diversified firms with ample liquidity are better insulated from cyber incident credit impacts.

Survey: CFOs less likely to control cybersecurity budgets

A survey by consulting firm RSM US found that chief technology officers (51%) or security officers (42%) are more likely to control their organisations’ cybersecurity budgets, rather than chief financial officers (34%).

It’s a significant data point since cyber risks and measures for defending against them aren’t cheap. In fact, the average annual security center operations budget for large corporations sits around $14.6 million USD, according to a KPMG survey. RSM’s security lead said CFOs technically control all budgets, but giving CFOs’ greater oversight of cybersecurity spending can better align it with overall strategy versus simply adding to the tech stack. 

As the gatekeepers of their organisations’ finances, CFOs and their teams are popular targets for cybercriminals. If finance leaders aren’t involved in designing and driving security procedures, it can create gaps between tech teams and finance teams – gaps that scammers and fraudsters are more than happy to exploit. 

ASIC gets funding for new threat intelligence platform, inherits Australia Business Registry platforms

The Australian Securities and Investments Commission (ASIC) will implement a new cyber threat intelligence platform after receiving federal funding in the recent budget. Part of the allocated $206.4 million will go towards improving threat detection capabilities, according to ASIC chair Joseph Longo.

Longo said the investment is critical for making the agency more data-informed and exploring emerging technologies like AI and machine learning. ASIC has also received funding to “stabilise” the legacy Australian Business Registry platforms it inherited from the Australian Taxation Office in May 2024. 

Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.