Webinar recap: Billions at risk - Sleeping security threats lurking in your supply chain

Dan Wilson   |   June 11, 2024
Webinar recap: Billions at risk - Sleeping security threats lurking in your supply chain
6:12

 

It was a great pleasure to host Gavin Levinsohn, Chief Growth Officer at Eftsure, as he presented to our audience an insightful and informative session about the growing rate of cybercrime and risks exposed to your organisation and supply chain. 

Gavin’s presentation was brought to life with real case studies and examples, highlighting the fact the threat of cybercrime is a real and a good strategy is essential to keep your employees knowledgeable and your organisation safe. As Gavin explains in his webinar, a good cybercrime strategy is broader than Felix and Eftsure but the tools we offer are key components in that journey. 

Below is a summary of what was covered.

For B2B payments, banks don’t match BSB and Account Number to Account Name 

While Pay ID and CommBank’s NameCheck have been steps in the right direction to further protect individuals from fraud, there are still substantial limitations around what banks are doing to help combat fraud for businesses. 

A key vulnerability for fraud in businesses is in an organisation’s vendor management, and the validity of vendor details. Fraudsters target an organisation’s processes and internal controls – and by the time you’re checking a payment, it’s late in the piece. 

As banks don’t check payment details against an account name for BSB, this presented a business opportunity for Eftsure and an integration opportunity with Felix 

Listen in to this section from the five minute mark. 

Cybercrime is a (highly) organised crime 

Cybercrime is a commercial crime and not the ideology of a hacker that Hollywood promotes – they operate as commercial companies with shareholders and KPIs, and they recruit talent. 

At the 11.30 minute mark in the webinar, Gavin goes into great detail about the commercial nature of cybercriminal organisations, how they recruit on the dark web and what countries they tend to operate from.  

When it comes to scams and fraud, the objective is to get money – and the target isn’t your organisations systems, it’s your staff through vendor impersonation and email compromise or even executive impersonation. Gavin speaks to two real-life case studies: 

  1. At 19.20 minutes – Gavin provides an example of how a vendor’s email was compromised by fraudsters, asking for bank details to be changed for an upcoming payment. Fortunately, this organisation was already a customer of Eftsure and were able to identify and prevent the scam from happening. This example also speaks to the heart of the Felix and Eftsure partnership as a solution to secure your vendor management so that it’s not vulnerable. 
  1. At 25 minutes – Gavin provides another example of an organisation’s executive having their email compromised to impersonate them. Luckily, recipients were knowledgeable of signs that indicate a phishing attack and this was brought to their attention, however this example highlights how it isn’t always about money loss - there’s also legal costs, system downtime and reputational risk when subject to scams or fraud. 

zoom scam

Data breaches and your information on the dark web 

Optus and Medibank were two high-profile data breaches in 2022, and more recently in the news has been Ticketmaster and Ticketek. The size of these breaches are substantial, and criminals dump stolen data on the dark web for fraudsters to buy. 

What can fraudsters do with your personal information? Get some alarming insights from Gavin at the 29 minute mark as to just how easy it is for criminals to create a digital footprint from stolen data and build out a sophisticated scam. 

AI is amplifying and accelerating cybercriminal efforts 

AI is being used to improve the language used in written emails from scammers, to impersonate someone’s voice in a matter of moments and to impersonate likeness through video. At 32 minutes, Gavin provides an example of a deepfake video scam that cost a company $25 million dollars when an employee was led to believe that they were in a video meeting with colleagues, yet they were the only human on the call. And if this isn’t alarming enough, Gavin also explains how companies are selling software and tools to support the business of cybercrime. 

ai scam

Limitations of manual controls 

At 35 minutes, Gavin briefly explains how all the above scenarios stack up and become a real challenge the manual controls your organisation might have in place, and the need for a suite of controls.  

Having a good cybercrime strategy 

At 35.5 minutes, it’s explained how a good cybercrime strategy has multiple angles to consider: 

  • Training: Staff need to know how to stop scams if you don’t know what to look out for. 
  • Culture: Having a high-shame threshold encourages staff to speak up when suspicion arises.  
  • Internal controls: And the need for organisations to manage staff exits (and get back access controls) really well. 
  • Pressure testing: While these tests usually focus on cybersecurity systems, they also need to test financial controls.  
  • Technology: Strong vendor management and payment protection needs to be considered in a suite of technology controls.  

cybercrime strategy

Protecting your organisation and its supply chain from payment fraud 

As touched on at various points throughout the webinar, Felix and Eftsure have partnered to take the pain away from vendor account validation process and to provide Felix customers with confidence in knowing that the bank details supplied by vendors are legitimate.  

Kristy Dale, Felix’s Product Marketing Manager, joins Gavin at the 38 minute mark to talk more about a newly released integration to help identify error, fraud and scam attempts during vendor onboarding. 

Further to what’s presented in the webinar, you can learn more about the Felix-Eftsure integration on our website and watch a demo video to see it in action. 

----- 

Learn more about how you can proactively protect your business 

Dan Wilson
Dan is Felix's Chief Revenue Officer, and has been an expert in the procurement technology field since 2012. During this significant time of change and technical innovation, Dan has been at the forefront of Felix's efforts to listen to the real-world problems facing procurement organisations and then create smart technology solutions to equip enterprises of all sizes and from all industries, with all the tools they need for smarter, more efficient, less risky and more connected procurement.
Follow me:

Related Articles

Risk mitigation
Q&A recap: Risk mitigation in the wake of COVID-19 webinar

The following is a recap of the Q&A section from our live webinar in April. I spoke with Peter Deans, former Bank of Queensland Chief Risk Officer. The interview has been lightly edited for clarity.

Felix News
Year in Review 2023: A dynamic landscape for construction and mining

The year 2023 was a dynamic one for the construction and infrastructure sectors in Australia. While challenges like project cost blowouts and workforce shortages dominated headlines, there were also positive developments, including renewed investor interest and significant progress in sustainability. Let’s look back on the key themes that shaped the industry this year.

Risk mitigation
Governance risk compliance management in 2022 for construction

Legal and ethical compliance management comes at a cost. But what about the cost of non-compliance? When your construction supply chain is effectively your third-party vendors and subcontractors, their awareness of and adherence to the rules can be make-or-break.

Let's stay in touch

Get the monthly dose of supply chain, procurement and technology insights with the Felix newsletter.