What CFOs can do to outsmart hackers


CFO SA and Absa CIB webinar reveals how finance professionals can get ahead of cybercrime.

Companies are increasingly having to deal with the fact that hacking is a real problem and preventing it is a business imperative. Recent cyber-attacks include Transnet suffering a ransomware breach in 2021, while there has also been a serious breach at TransUnion.

These attacks affect financial performance, as well as reputation, and could also see companies face serious fines levied by the Information Regulator if those affected are not notified.

According to Kaspersky, South Africa saw ransomware breaches double between January and April this year when compared to the same period last year. This is just one of the issues that needs to be tackled. Internet fraud led to R2.2 billion in losses last year and, as companies increasingly move to a digital world, this is a growing problem.

CFO South Africa recently held a panel discussion, sponsored by Absa CIB, during which Anathi Mkhize, Absa CIB product head of integrated propositions, John Molanda, Absa CIB sales head of transactional banking, and Bulela Mgobozi, Syspro Africa finance business lead, discussed how attacks happen, areas of weakness, and how CFOs can keep trying to close the doors on hackers.

Anathi explained that South Africa was the third most affected country when it comes to companies having been victims of economic crime in the past two years. “One of the challenges is how businesses are affected by cyber crime and fraud, which is partially because they have inefficient systems and controls.”

Main threats
Eighty percent of CIOs, CTOs, and IT directors believe that an attack is very likely, or inevitable, and that there will be negative consequences of an email-based threat. In fact, 2021 was the worst year on record for cybersecurity and phishing was the biggest culprit, occurring through email 96 percent of the time, he said.

The main threats, Anathi said, are social engineering, malware, trojans, and spyware. Denial of Service, which blocks people from accessing systems, is also a worry. Botnets are used to scale attacks and are another area that needs to be tackled. “As organisations continue to evolve digitally, so too do criminals. We really continue to be under threat. Increased payment fraud affects financial confidence as well as supplier confidence.”

Anathi added that there are also internal threats, which account for 50 percent of incidents, as staff work with external fraudsters.

Inefficient processes
Bulela said the payment process does not operate in isolation and needs a secure control environment across the company. Human resources also has to carefully screen when hiring new people. “An efficient and well controlled payment process is the last line of defence when it comes to ensuring that money goes where it should.”

When moving from one system to another, Bulela said that there is a risk as there could be unauthorised interception of files. As a result, accounts need to be verified with banks from the get-go. “If there is any change to these details, we need to have this recorded in terms of the audit trail, which includes where the change happened and who made the changes.” This will help avoid suppliers trying to divert payments through very sophisticated email notifications, she added.

Technology needs to be efficiently used, and 70 percent of time saved through not printing, stapling, and photocopying records, Bulela said. “These are unnecessary and outdated and need to be digitised and correctly submitted.”

Real-time information
John explained that a lack of real-time information creates a “fertile ground for fraud,” as it takes an average of 12 months for damage to be detected, which – on average – lead to a loss of $117,000 per company across the globe.

“Manual processes and lack of integration leads to weaknesses, and an ERP system needs to be linked to a banking system to eliminate fraud. Fraud must be detected through the reconciliation process, which needs to be done more than once a month, and automated to eliminate discrepancies.”

Vulnerabilities exist when it comes to loading and paying suppliers, yet there is an opportunity to verify details in real-time to eliminate these gaps. The more active a company is, the better the outcome in terms of cutting down on losses, he added.

He explained that fraud is concealed through the creation of fraudulent physical and electronic documents. These need to be weeded out through a strong, real time, control environment. “Fraud continues to be a problem, yet many businesses struggle to justify investments into preventative processes.”

Cyber-fraud is not just an issue for the IT department, it affects the entire company and needs to become a business imperative.

Related articles

Three CFOs’ guide to managing boardroom expectations

Productivity SA CFO Okuhle Sidumane, Sappi Southern Africa CFO Pramy Moodley and BMI Coverland FD Tammy Narain explain how effective expectation management helps them ensure every engagement with their board is a success.