This webinar discusses cybersecurity threats facing businesses, including payments fraud, email compromise, and data breaches. It provides statistics on the cybercrime economy and COVID-19 related cyber attacks. The presentation introduces the Withum cybersecurity team and their expertise. It also outlines security best practices for businesses, such as conducting risk assessments, implementing controls like multifactor authentication, and creating an incident response plan.
2. Housekeeping
• 1 CPE credit in Information Technology - be sure to participate in the polls to be eligible
• Webinar is being recorded - Slides and recording will be emailed after the webinar
• 50 minute session
• 10 minute Q&A
• Send in your questions!
3. Disclaimer
The contents contained within this slide deck may contain basic and preliminary observations. We also refer to some generally accepted principles for forensic investigations. All observations are subject to further investigation and explanation of facts and are therefore subject to change. Additional evidence and forensic analysis may be required to support any findings or observations.
4. Objectives
Introductions
Understanding the Threats
Cyber Criminals Monetizing Your Data; Fraud and Phishing and so much more
B2B Fraud Statistics
How a Cyber-threat actor(s) can destroy your business and why you are a target…
Cyber Threat Intelligence: Know your enemy & vulnerabilities…
How to Protect your business…
Final Thoughts
Ask an Expert…
22. Confidential
The Scope of the Threat
66% of respondents report experiencing some form of B2B payment fraud attack within the past 2 years
Source: Capital One B2B Payment Security Research
23. Confidential
Informational Purposes Only
Source: Capital One B2B Payment Security Research
Neglecting the Significant Impact of Fraud
Businesses Report their Top Barriers to Updating Fraud Security
[Chart. Barriers listed: Not a priority for leadership; Minimal value add; Disruptive to operations; Too expensive; Difficult to implement; In the process of updating; Need to retrain employees; User friction. Values shown: 33%, 29%, 24%, 20%, 17%, 15%, 31%, 11%]
24. Confidential
https://www.capitalone.com/learn-grow/business-resources/avoiding-business-fraud/
Popular Targets of Fraud Within an Organization
[Chart: Departments Most Vulnerable to Being Targeted by Business Email Compromise Fraud; axis: Percentage Distribution of Organizations]
Source: 2020 AFP Payments Fraud and Control Report | www.AFPonline.org. The information contained herein is shared for educational purposes only to help clients protect themselves from fraud. It does not provide a comprehensive list of all types of fraud, all departments that are vulnerable to fraud, or all best practices to tackle fraud. Nothing contained herein shall give rise to, or be construed to give rise to, any obligations or liability whatsoever on the part of Capital One.
25. Confidential
Source: Capital One B2B Payment Security Research
The Most Common Methods of Fraud
B2B Payment Fraud by Attack Method
Within the past two years, has your organization experienced any of the below fraud attacks in regard to B2B payments?
Phishing / Business Email Compromise: 36%
Data Breach: 28%
Malware / Ransomware: 27%
Account Takeover: 15%
Cashflow scams: 14%
Internal fraud / Employee theft: 13%
Other: 1%
Note: N=225
26. Confidential
About Business Email Compromise
● A spoofed sender domain: CEO fraudsters usually register a domain similar to its target. Examples
● An urgent email subject requesting immediate fund transfers: BEC scams typically use subject lines that imply urgency regarding payment inquiries or fund transfers.
● Position of the email sender: Cybercriminals employing CEO fraud typically pose as someone influential in an organization.
● Body of the email: Scammers make it appear as if the fund transfer is urgently needed and should be executed as soon as possible.

From:
Sent: Wednesday, April 18, 2018 2:11 PM
To:
Subject: Re: INVOICE NO 17150 CIS# 105013
Were you able to initiate wire to ???

From:
Sent: Wednesday, April 18, 2018 3:48 PM
To:
Subject: Re: INVOICE NO 17150 CIS# 105013
Kindly, advise when wire is released.

From:
Sent: Friday April 6, 2018 3:07 PM
To:
Subject: Invoice No 17150 LLC
Could you please process this invoice from LLC. Kindly, send me Wire Slip.
Thanks!!
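The four indicators on this slide can be checked mechanically at the mail gateway or in a reporting mailbox. The following is an added example, not part of the original deck: the trusted domain, the executive name, the sender addresses and the keyword lists are constructed assumptions, and only the first sample's subject and body are taken from the slide.

```python
import re
from email.utils import parseaddr

# Constructed values for illustration; none come from the slides.
TRUSTED_DOMAINS = {"acme.example"}
EXECUTIVES = {"jane doe"}  # display names that carry payment authority
PAYMENT_SUBJECT = re.compile(r"\b(invoice|wire|payment|transfer)\b", re.I)
PRESSURE_BODY = re.compile(
    r"\b(wire|urgent(ly)?|asap|immediately|as soon as possible)\b", re.I)

# First sample reuses the slide's subject and body; both senders are constructed.
SAMPLES = [
    {"from": "Jane Doe <jane.doe@acrne.example>",
     "subject": "Re: INVOICE NO 17150 CIS# 105013",
     "body": "Kindly, advise when wire is released."},
    {"from": "Billing <billing@acme.example>",
     "subject": "Invoice 2291 attached",
     "body": "Monthly statement attached for your records."},
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(msg: dict) -> list[str]:
    """Return which of the slide's four BEC indicators fire for one message."""
    name, addr = parseaddr(msg["from"])
    domain = addr.rpartition("@")[2].lower()
    external = domain not in TRUSTED_DOMAINS
    flags = []
    if external and any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        flags.append("lookalike-domain")           # spoofed sender domain
    if PAYMENT_SUBJECT.search(msg["subject"]):
        flags.append("payment-subject")            # payment-related subject line
    if external and name.strip().lower() in EXECUTIVES:
        flags.append("exec-name-external-sender")  # position of the sender
    if PRESSURE_BODY.search(msg["body"]):
        flags.append("payment-pressure-body")      # body pushes a transfer
    return flags

def needs_callback(msg: dict) -> bool:
    """Sender anomaly plus payment content: verify via a known phone number."""
    flags = set(bec_flags(msg))
    sender = flags & {"lookalike-domain", "exec-name-external-sender"}
    payment = flags & {"payment-subject", "payment-pressure-body"}
    return bool(sender and payment)
```

A payment-related subject from a trusted domain raises only one flag and is not escalated; the combination of a sender anomaly with payment content is what triggers out-of-band verification.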
27. How to protect a Business from Cyber Attacks
“Know your enemy and know yourself” - Sun Tzu
36. Confidential
Tips to Help Tackle B2B Fraud
Tech Tips / Make It Hard for Them / Don’t Know… Don’t Click / Process Tips
Please note the information and tips contained herein are shared for educational purposes only to assist our clients in the joint fight against fraud and should not be construed to create obligations on the part of Capital One
37. Confidential
Tips to Help Tackle B2B Fraud
Make It Hard for Them / Don’t Know… Don’t Click
● Use strong and different passwords.
● Never put sensitive data on unsecured computers.
● Consider adopting multi-factor authentication.
● Use controls available to you.
● Never respond to suspicious emails, open attachments or click hyperlinks.
● Use known phone numbers to verify changes.
● Check sender’s email addresses.
38. Confidential
Tips to Help Tackle B2B Fraud
Tech Tips / Process Tips
● Carefully monitor account activity and review all transactions on a daily basis.
● Leverage reporting and alerting tools that your FIs provide.
● Evaluate your internal controls and conduct an annual risk assessment.
● Maintain a high level of awareness across your staff.
● Insist that your suppliers use the same methods of identity authentication as you.
● Always update software and systems.
● Use anti-virus and anti-malware software that updates automatically.
● Dedicate a computer exclusively for online banking transactions, nothing else.
● Restrict administrative rights to install software to IT staff.
40. For More Information, Please Contact
Withum Cyber
WCyber.info@withum.com
Eric Jackson
+1 (402) 867-7432
ejackson@withum.com
Stephen Susnak
+1 (646) 988-6035
stephen.susnak@capitalone.com