Would technique used in $1bn cyber attacks on banks work in corporate treasury?
by Kylene Casanova
The Russian security company Kaspersky reported today that $1bn could have been stolen from some 100 banks over the last two years.
Methodology
The attacks were all said to have been mounted by an international criminal gang referred to by the investigators as Carbanak and said to have representatives in Russia, Ukraine and other parts of Europe, as well as China. According to Kaspersky, the gang penetrated banks’ systems by using a technique called spear phishing in which individual employees are targeted with emails that secretly release malware into a company’s system once they are opened.
According to the Financial Times, “The malicious code then sought to identify and study the activities of officials with authority to transfer large amounts of cash, using the knowledge to shift amounts of up to $10m to special accounts that had been set up in banks in China and the US.” In some instances, actual customer accounts were artificially inflated and large sums transferred to bogus accounts, while in others the money was dispensed at pre-set times and destinations through cash machines under the control of the hackers.
Why wouldn’t this work in the corporate treasury department’s systems?
Preventing cyber attacks
There are many lists of how to prevent cyber attacks, including very thorough lists from McKinsey and UK’s GCHQ:
- Seven vital lessons from McKinsey’s research on cyber risks: The new cyber security enterprise operating model required to survive
- 10 steps to cyber security from UK’s GCHQ
Don’t forget OCCUPATIONAL FRAUD is already 1,000 times bigger than cyber fraud risk IS EXPECTED to be
It is easy to get excited about cyber risk, but don’t forget that the forecast cyber fraud is still small compared to occupational fraud, which ALREADY costs the global economy $3.5tr each and every year; see ACFE’s report. Maybe you need to review their 11-point occupational fraud protection checklist.
