Cyber Brief for CFOs: November / December 2024
All the news, tactics and scams for finance leaders to know for November / December 2024.
In the battle against cyber threats, the greatest vulnerability often lies not in sophisticated hacking techniques but in simple human mistakes. Recent findings from the OAIC Notifiable Data Breaches Report (January–June 2024) reveal that 30% of data breaches are caused by human error, highlighting the pressing need for finance teams to bolster their training and awareness. As incidents continue to rise, understanding these risks is crucial for protecting sensitive financial information.
Here are the most critical findings from the report that finance leaders need to be aware of, especially when compared to the previous reporting period (July to December 2023):
Non-cyber incidents caused by human error, such as sending sensitive information to the wrong recipient, accounted for 30% of breaches, making human error the second-highest cause after malicious attacks. This figure has held steady, reinforcing the notion that the human element remains the Achilles’ heel in cybersecurity.
The finance sector reported 49 incidents in the current period, a decrease from 58 incidents in the previous period. The healthcare sector reported 59 incidents, down from 62 incidents, indicating ongoing vulnerabilities within both sectors.
Cybersecurity incidents accounted for 38% of breaches, with phishing and ransomware taking centre stage. This reflects a 12% rise in malicious breaches compared to the previous period, indicating that attackers are not only persistent but also increasingly sophisticated.
There’s a slight improvement in the time taken to identify breaches, with 64% identified within 10 days, compared to 61% in the previous period. However, around 23% were identified more than 30 days post-breach, meaning the risk of exploitation remains a pressing concern.
The OAIC reported a total of 527 data breaches in the first half of 2024, marking a 9% increase from the previous reporting period. This surge indicates an ongoing challenge for organisations to protect sensitive information and highlights the urgency to enhance their data protection measures.
The MediSecure ransomware attack in May 2024 exposed the personal and medical data of 12.9 million Australians. Hackers accessed this data through a third-party vendor, which underscores the importance of vigilance and robust vendor management.
For finance teams, this incident highlights several key risks:
As the landscape of cyber threats evolves, finance departments find themselves in the crosshairs. Here’s a breakdown of specific risks:
To counter these escalating threats effectively, finance leaders should consider the following proactive measures: