Something to Consider October 2018 – SEC Issues Warning About Business Email Compromise 

SEC Report Cautions Companies to Consider Cyber Threats with Internal Controls

“Business email compromise” (BEC) using cleverly socially engineered email communications are the new wave of fraud threat to businesses. I have not met a business in the past year that has not been the target of such attacks, AND, has not suffered losses as a result…

This is Phishing 2.0, and highly effective.

Cybersecurity experts view phishing attempts (67%) as the biggest vulnerability for accidental insider threats. Phishing 2.0 does not just trick employees into sharing sensitive company information by posing as a legitimate business or trusted contact, they trick employees into making ‘urgent’ bank transfers at short notice. And these funds can be hard to recover!

It has become such a significant threat, that the Securities and Exchange Commission (SEC) have recently issued an investigative report that outlined cyber incidents that public companies had experienced, causing fraudulent losses totaling hundreds of millions of dollars. The conclusion of the report is that public companies “should consider cyber threats when implementing internal controls.”

This is the latest priority for ICFR.

To read about this in greater detail, you can find the article here​​​​

Our ‘Something To Consider’ snippets are framed as small, digestible, ‘dashes of insight’ around the pillars of what we define as “World Class Finance” – Process Optimization, Financial Control and Compliance, and Risk Assurance, all underpinned by technology enablement and integration.