Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
If there’s one lesson out of the Optus breach that should be clear to all CFOs by now, it’s this: the cost of chaos from cyber-crime can cripple even the largest organisations.
If you think the amount criminals steal from you is the only cost of cyber-crime, think again! The chaos that ensues from a cyber-attack can result in many unforeseen hidden costs.
In this blog, we explore 6 ways cyber-crime costs your organisation big time:
Think your cyber insurance has you covered in the event of a cyber-crime? Make sure you read the fine print.
Many cyber insurance policies avoid covering the most common types of cyber-crime, such as Business Email Compromise (BEC). They avoid paying out for crimes such as BEC by claiming the loss was incurred through human error, rather than as a result of any breach of a computer system.
According to many cyber insurance providers, the accounts payable (AP) officer should have more carefully checked who they were sending money to, and not simply trusted the information contained in an invoice. Cyber insurers avoid paying up because they claim the fraud occurred due to negligence.
Even in the event that a cyber insurer does pay out for a BEC attack, be warned – you will likely be stung by much higher premiums moving forward.
Many organisations spend years building up strong relations with their suppliers. After all, they often rely on their suppliers to provide high-quality inputs without which their business would not function.
When a cyber-attack, such as BEC, results in suppliers not receiving timely payments, it can result in all sorts of knock-on effects for the supplier. The supplier may experience constrained cash flow, not to mention difficulties meeting their own payment obligations.
If, as a result of the BEC attack, the supplier needs to wait a protracted period of time to receive payment, there is a strong likelihood that your relationship with that supplier will be permanently undermined.
It may not be so easy finding an alternative supplier, particularly at a time of widespread supply chain constraints.
Learn what it takes to strengthen your supplier relations.
One of the consequences of interconnected supply chains is that any disruption with one supplier can undermine a business’ entire operations.
This is particularly the case for businesses that rely on just-in-time supply chains. This is where a business takes delivery of essential inputs right at the time when they are needed. This approach saves a business the cost of storing and managing large inventories of supplies. However, it also means that the business is particularly susceptible to any supply chain disruptions, as it has no reserve stock to fall back on until supplies resume.
In the event a BEC attack disrupts supplies from one supplier, the entire business could end up grinding to a halt, costing a fortune in unfulfilled contracts and lost market share.
Not only can a BEC attack result in cash flow difficulties for a supplier who does not receive the payment they are owed, it could also cause your business significant cash flow challenges.
Consider the following scenario. You order a piece of machinery and receive an invoice from the supplier. Unknown to you, the bank details in the invoice were manipulated by a cyber-criminal. You transfer the funds, thinking they are going to the supplier that supplied you the machinery, but you inadvertently send the funds to the scammers.
Now your supplier is out of pocket as they have not received the payment for the machinery. However, your obligation to pay the supplier the money they are owed doesn’t disappear. Despite the fact that you have sent the funds to the scammers, you are now legally obligated to send the funds to the legitimate supplier. In effect, you have paid for the machinery twice.
The result can be serious cash flow challenges for your business.
See our review of Canberra Hydraulics and the court ruling that proves you must pay a supplier invoice, even if you inadvertently send the funds to the cyber-criminals.
In the event that one member of your AP team gets conned by a cunning cyber-criminal, resulting in a BEC attack, staff morale can plummet.
AP staff are on the front line in the war against cyber-crime. Attackers regularly target AP teams, knowing that they hold the keys to the kingdom – namely your bank accounts.
When a busy AP officer is deceived into sending funds to a cyber-criminal’s bank account, that staff member is likely to experience feelings of shame and guilt. These are feelings that can spread throughout your accounting department. It will also lead to anxiety among many staff members that they too could be targeted.
The result of all this could be lower productivity, higher staff absenteeism and increased staff turnover. All these will impose significant costs on your business.
Learn how to reduce stress in accounts payable teams.
Being targeted in a cyber-attack is one thing.
Suffering heavy losses because your defences were weak is another matter entirely.
In the event that your organisation faces significant financial losses due to a cyber-attack, such as BEC, questions will be asked by shareholders, investors, and the public at large. There will be heightened scrutiny on whether the right controls were in place, and whether all proper procedures were being adhered to.
There will be questions as to whether the management team are competent. Some may even call for new management to be brought in.
This loss in confidence in the management can be corrosive and can damage the careers of highly professional individuals.
Ironically, it can lead to a protracted period of instability for the business, which can even undermine its profitability.
The cost of chaos that ensues from cyber-crime is real. It extends far beyond any money that was stolen by the criminals.
As a business leader, you should have multiple layers of security in place that protect your organisation from the financial flow-on effects of cyber-crime.
Eftsure sits on top of your existing accounting processes. Each outgoing payment is checked in real time to ensure it is being sent to the intended, legitimate third party. This helps mitigate your risk of serious cyber-crimes, such as BEC.
Contact Eftsure today to protect your organisation and avoid the costs of chaos.