Cyber Brief for CFOs: November / December 2024
All the news, tactics and scams for finance leaders to know for November / December 2024.
CFO Live, hosted by the Australian Financial Review, is the preeminent annual event that brings together that nation’s leading finance experts. CFOs from across the public and private sectors gathered to explore the opportunities and challenges that are likely to face finance departments in the year ahead.
This is a critical time for the Australian economy. As we begin to emerge from lockdown, many finance departments are grappling with a range of challenges. The widespread economic disruption has been a catalyst for many organisations to embrace digital transformation initiatives. These have helped facilitate business continuity through the pandemic by enabling staff to work remotely and customers to continue transacting.
At the same time, cyber-crime rates have escalated significantly, with scammers taking advantage of distributed workforces to defraud companies struggling to maintain their pre-pandemic financial controls.
For this reason, cyber security is now a top priority for the nation’s leading CFOs.
Once the purview of IT departments and specialist cyber security experts, there is growing recognition that the finance department has a critical role to play in preventing attacks against an organisation.
After all, cyber-attacks may be launched through vulnerabilities in ICT systems, but they are often financially motivated. The cyber-criminals are targeting the victim organisation’s finances, which are supposed to be controlled by the finance department. Only through a combination of vulnerable ICT systems and inadequate finance department controls can an attack succeed.
As a result, CFOs need to be part of the broader cyber security discussions within their organisations. That was the key message delivered by eftsure CEO, Michael Kontorovich, in a wide-ranging panel discussion alongside ASX CFO, Gillian Larkins.
Cyber-crime succeeds through both technology and psychology. Hackers may breach an organisation’s network perimeter by identifying and exploiting vulnerabilities. However, they may also use psychology to attack an organisation. Through social engineering, phishing or Business Email Compromise attacks, finance staff may be deceived into divulging system credentials, installing malware or transferring funds to an attacker’s bank account.
That’s why CFOs have a critical role to play in protecting their organisations. They need to ensure they have the appropriate systems and controls in place that prevent the theft of company funds.
Some of the other key take-aways from this year’s CFO Live include:
COVID-19 has played havoc on the ability of Australian organisations to attract skilled workers from overseas. As a result, there is now a critical shortage of people with technology skills in the country.
This is impacting the ability of many organisations to advance their digital transformation agendas.
Of course, digital transformation is not only important in driving efficiencies and enhancing user experiences. It is also critical in automating financial controls, for example in the fight against cyber-criminals. When organisations are overly reliant on manual controls, sophisticated attackers are more likely to find ways to circumvent them for financial gain.
Embracing automated digital controls offers organisations a far greater level of protection from financially-motivated cyber-crime.
For example, conducting manual spot checks of payment files leaves Accounts Payable exposed to making incorrect payments. This may allow fraudulent payments to slip through unnoticed. By contrast, having an automated technology solution, such as eftsure, integrated into accounting processes ensures every transaction is verified for accuracy before being processed.
So, a lack of skilled workers can have widespread implications for many organisations.
Westpac CFO Michael Rowland recognised this challenge. He identified emerging bottlenecks in financial transformation skills. This requires people with technology skills who can transform financial-oriented processes by automating them.[1]
Another important issue that should be occupying CFOs minds over the coming year is cyber resilience according to ASIC Commissioner Cathie Armour.
The pandemic caused many organisations to redirect resources away from cyber security initiatives towards other priorities that were needed to deal with the massive economic dislocation of lockdowns. Whilst that was initially understandable, Armour also pointed out that continuous disruption is the new reality and that organisations need to re-focus their efforts on developing cyber resiliency.[2]
According to the latest ASIC report into the cyber resiliency of the financial sector, SMEs are strengthening their cyber posture and are closing the gap on larger firms. While the cyber maturity of many smaller firms improved over the past year, larger firms have demonstrated decreased confidence in their cyber resilience.
Over the coming year, as lockdowns end, ASIC expects to see large organisations begin investing more in cyber security once again. This should result in a substantial improvement in the management of cyber security risk across Australia.
Jeremy Hirschhorn, Second Commissioner at the Australian Taxation Office advocated for a wider embrace of e-invoicing.
Not only can e-invoicing deliver significant savings and efficiencies to an organisation’s Accounts Payable function, it can help ensure suppliers are up-to-date with their corporate and tax compliance obligations.
Through the automation of invoicing systems, organisations can achieve tax rigour in supply chains. For example, e-invoicing, along with the ABN lookup functionality, can ensure that ABNs quoted by suppliers are valid and accurate.
For any organisation that procures goods and services from other businesses, early adoption of e-invoicing could be the necessary prompt for small business suppliers to take up e-invoicing solutions.
Hirschhorn also recommended that Accounts Payable teams ask suppliers for a statement of tax record, to verify their compliance with the tax system.
With Australian finance leaders now acutely aware of the risks posed to their organisation’s finances from surging cyber-crime, it is critical to embrace a multi-layered security strategy.
It’s not enough to provide finance teams with cyber-security training. Cyber-criminals are increasingly sophisticated and are identifying ways to circumvent staff and manual controls. Finance staff are not trained or equipped to handle the threats. Expecting them to be your only line of defence is both unfair and will ultimately not succeed.
An automated solution, such as eftsure, helps protect your organisation by cross-matching all outgoing payments against our trusted database comprising over 2 million Australian organisations. It gives you confidence that when you pay an invoice, the funds are going to the intended recipient and the invoice has not been manipulated by fraudsters.
Contact eftsure today for a full demonstration of how we are helping organisations around Australia protect their financial assets from cyber-crime.
[1] https://www.afr.com/companies/financial-services/tech-worker-shortage-a-disruptive-force-for-growth-plans-cfo-20211206-p59f2b
[2] https://asic.gov.au/about-asic/news-centre/speeches/the-cfo-agenda-a-regulator-s-perspective/
All the news, tactics and scams for finance leaders to know for November / December 2024.
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all …
The finance industry is undergoing a major transformation thanks to the rapid adoption of AI technology. Much of this trend has been …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.