Cyber Brief for CFOs: April 2024

Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.

Small businesses say cyber threats are biggest concern

A MetLife survey found that six out of 10 small businesses view cyberattacks – including phishing and ransomware – as their biggest concerns, yet fewer than half have trained employees on cybersecurity measures. Despite this, 73% feel prepared for an attack.

It mirrors some of Eftsure’s own research, which found that a staggering 90% of finance leaders felt global cybercrime was increasing, yet nearly one in five small businesses say they aren’t using any anti-fraud controls. While small businesses face unique challenges in resources and capacity to minimise cyber risks, they aren’t alone – late last year, CEOs from major corporations said cyber attacks were the business risk most likely to keep them awake at night. 

Want to hear what it’s actually like for a small business owner to experience a cyber attack? Don’t miss our conversation with Lance Rubin, founder of financial modelling consultancy Model Citizn, as he talks about how a cyber attack left him reeling – and how his business managed to avoid catastrophe. 

Compromised insiders are aiding cyber threats from nation-states

Organisations face heightened cyber threats from nation-state actors seeking access to networks, according to DTEX Systems – and insiders are often helping them get that access. Customer requests for protection against foreign interference have risen 70% since 2022, mostly from critical infrastructure and the public sector. 

Nation-states often weaponise technology to socially engineer trusted insiders and conduct espionage, data theft, and disruption, typically targeting sectors with valuable intelligence. Don’t think your organisation would be an attractive target? Think again. In our conversation with a CFO who experienced a cyber attack, we know that organisations could be on the cyber frontlines if threat actors realise your clients may have sensitive intelligence – especially any clients in areas like government, critical infrastructure or tech.

Compromised or negligent employees are some of the most common types of insider threats. Learn how to minimise your risk of an insider incident.

WARNING: Risks of fake invoice scams sky-rocket after smoke alarm data breach

Watchdogs are sounding the alarm over the possibility of surging invoice fraud, thanks to a major data breach. Cybersecurity researcher Jeremiah Fowler has revealed that Smoke Alarm Solutions – one of Australia’s largest smoke alarm companies – left hundreds of thousands of customer documents exposed online for nearly three months without password protection. 

The 762,856 documents total 107GB and include over 355,000 detailed invoices, inspection records, quotes and reports containing sensitive customer information like names and email addresses. The researcher warns the data was “very likely” accessed by malicious actors, as the unprotected database provided fodder for scams like phishing attempts that impersonate the company. 

Dozens arrested in takedown of cybercrime platform

An international police operation has led to the arrests of five Australians and 32 others globally. As part of a 10,000-member criminal community, perpetrators used the LabHost phishing platform to create fake websites impersonating banks, governments and major organisations. 

The platform enabled users to distribute phishing emails and texts to victims, tricking them into giving up personal data. In other words, it was a cybercrime-as-a-service platform, removing hurdles for threat actors and facilitating the exact type of attacks that are often used against businesses’ finance employees. 

The operation took down LabHost’s domain and 207 phishing sites, with Australian arrests involving over 200 officers executing 22 search warrants across five states.