Corporate treasury is a top target for cyber-criminals
A report from Deutsche Bank and Economist Intelligence Unit shows only 38% of firms require all third-parties to undergo penetration testing…
A survey conducted jointly by Deutsche Bank and the Economist Intelligence Unit has shown that corporate treasury is a top target for cyber-criminals, due to its trove of personal and corporate data, its authority to make payments and move large amounts of cash, and its often complex structure.
“Sophisticated cyber-criminals often use social engineering and inside information to execute high-value thefts via corporate treasuries”, said Michael Spiegel, Head of Cash Management at Deutsche Bank. “Our research has identified serious gaps in corporate defense, including vulnerabilities hidden with third-parties and their subcontractors. This gives cyber-criminals the opportunity to steal data.”
Since an increasing number of treasuries have outsourced their back-office and payment factory processes to shared services, treasury departments are particularly vulnerable, and the risk posed by insecure third-parties is particularly high.
According to the research, almost one in five companies (19%) do not check whether their suppliers use the same methods for identity authentication as they do, leaving “an open door”, according to Spiegel. Often, companies and suppliers don’t coordinate regulatory and compliance rules, nor do they always ensure that information security requirements that apply to third-parties are also extended to their subcontractors. Even though almost all companies in the survey performed internal penetration testing (92%), one-third of companies (33%) do not conduct external testing. Only 38% of companies require all of their third-parties and suppliers to perform penetration testing.
Sectors with the lowest percentage of authentication testing are, according to the research, manufacturing (43%), agriculture and agribusiness (38%), energy and natural resources (32%), construction and real estate (31%) and professional services (25%).