[Column] Ryan Mer: How social engineering exploits business vulnerabilities
With the growing number of online transactions taking place each day comes a marked rise in cyber-attacks and security events. According to Ryan Mer, Managing Director, eftsure Africa, a Know Your Payee™ (KYP) platform provider, fraudsters are constantly finding new ways to exploit vulnerabilities and attack corporate payment systems. “Many scams, hacks and security breaches begin with social engineering, a term used to describe the act of convincing someone to divulge information that they shouldn’t share or take an action that’s not in their or the organisation’s best interests, such as clicking a suspicious link, or changing a supplier’s banking details,” says Mer.
What makes social engineering so effective is that scammers rely on human impulses to be helpful, avoid conflict, and problem-solve quickly and effectively, in order to extract information or manipulate targets into taking action. Cybercriminals routinely rely on creating a sense of urgency in their victims. Mer says phishing messages and business email compromise (BEC) scams are designed to make employees more likely to comply with a potential threat that they know they should report.
A recent INTERPOL report on the impact of Covid-19 on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments, and even critical infrastructure. According to the report, cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by the pandemic. “The general consensus among information security experts is that eliciting a strong emotional response, like fear or uncertainty, makes people more susceptible to a social engineering attack. Without robust internal controls, there is a greater likelihood that your organisation will face potentially costly human error”, notes Mer.
He adds that in many organisations there is a concerning disconnect between the theoretical controls in place and what actually happens in everyday business contexts. “Technology can help to close the gap and improve controls over key processes, like the collection of payment information and verification thereof. Internal accounting systems rely heavily on the integrity of the information inputted into the system, which makes them vulnerable to error. Even with stringent sign-off procedures and appropriate segregation of duties, all amendments to information should be checked. Although business ERP systems have user rights and controls, it doesn’t prevent a business from being exposed to potential internal fraud or an external hack.”
eftsure’s SaaS platform is making a big difference in businesses of all sizes by automating key checks and processes that would otherwise be vulnerable to manual, human error or manipulation. The fintech company provides businesses with software that verifies payee and payment data to protect against payment fraud in the B2B sector: “We provide a platform to digitise and automate the verification of payees and eft payment data, on a continuous basis through our KYP technology. eftsure protects companies against fraud and error made through incorrect, fraudulently changed or maliciously altered payee information,” says Mer.