New research from Deutsche Bank and Economist Intelligence Unit (EIU) is warning companies that cybercriminals have a particular target in mind: the corporate treasurer.
Announcing the research this week, Deutsche Bank and the EIU found that corporate treasuries have a slew of sensitive personal and corporate data, making it a prime target for cybercriminals. Treasurers' authority to move large sums of cash also make it appealing to criminals, researchers said.
“Sophisticated cybercriminals often use social engineering and insight information to execute high-value thefts via corporate treasuries,” said Deutsche Bank head of cash management Michael Spiegel in a statement. “Our research has identified serious gaps in corporate defense, including vulnerabilities hidden with third parties and their subcontractors. This gives cybercriminals the opportunity to steal data.”
Nearly one-fifth of businesses surveyed do not vet their own suppliers' cybersecurity standards, checking whether those partners use the same identity authentication measures they do.
“This leaves an open door for fraud,” Spiegel warned.
According to the report, businesses and their suppliers rarely coordinate cybersecurity tactics, or their regulatory and compliance processes. While 92 percent of companies surveyed said they perform internal penetrating testing, a third do not do the same with external testing. Only about one-third (or 38 percent) say they require their own suppliers to conduct internal penetration testing.
The manufacturing, agriculture and agribusiness, energy and natural resources, construction and real estate and professional services industries are the worst offenders, according to the Deutsche Bank and EIU research, each industry with less than half of businesses saying they perform authentication testing. In fact, only a quarter of the professional services space does so.