Technology

Double-edged sword

Published: Nov 2024

From deepfake CFOs to supply chain attacks, the risk of cyberattacks is a more pressing concern than ever for corporate treasurers. At the same time, the role of AI in cybersecurity is becoming increasingly topical, with companies concerned about AI-powered threats – while also exploring the benefits of AI-powered solutions.

For corporate treasury teams, protecting their organisations from cyberattacks is an increasing priority. The Business of Treasury Report 2024 published by the Association of Corporate Treasurers (ACT) found that “nearly all those asked cited cyber security as a concern”, with 80% of respondents saying they are investing in cybersecurity measures, up from 69% two years ago.

George Dessing, Executive Vice President, Treasury & Risk at information services and solutions provider Wolters Kluwer, notes that cyber risk is “one of several key risks we focus on. As a digital global information service provider for professionals, it is top of mind for us and our customers, who rely on us to deliver our platforms and services safely and reliably, while safeguarding their data.”

He notes that while the fundamental nature of cyber risk may not have materially changed over the years, “the volume and speed at which it now travels fundamentally affects the frequency and impact of the risk. This requires constant monitoring of developments and updates to risk management strategies to ‘stay ahead’ of the threat actors.”

Current risks

“From a treasury management perspective, the most significant cyber threats facing corporations include ransomware attacks, phishing schemes and insider threats,” comments Steve Wiley, Vice President, SaaS Treasury Solutions at FIS.

He notes that these threats have become increasingly sophisticated, making use of advanced tactics such as deepfake technology and AI-driven malware. “The landscape is evolving with an increase in targeted attacks that exploit vulnerabilities in financial systems, aiming to manipulate or steal large sums of money swiftly,” says Wiley. “This necessitates continuous vigilance and adaptation of cybersecurity measures to protect sensitive financial data and critical operations.”

In the current environment, treasurers need to be aware of a variety of different threats:

  • AI-powered threats. AI-powered threats are a growing concern for security professionals. For example, a recent survey by Pluralsight found that 56% of IT security professionals were concerned about AI-powered threats, such as sophisticated phishing campaigns and self-evolving malware.

    Eddie Toh, Partner, Cyber, Advisory at KPMG in Singapore, observes that AI-powered attacks have lowered the barriers to entry for attackers. “AI-powered attacks automate complex tasks, such as generating convincing phishing emails, or scanning networks for vulnerabilities, making it easier for less skilled attackers to succeed,” he points out.

  • Supply chain attacks. Toh also notes that supply chains and third-party providers “often serve as entry points for these cyber threats, amplifying their impact across multiple organisations.” The dangers posed by supply chain attacks were highlighted all too clearly by the 2020 SolarWinds supply chain attack, in which malicious code was planted into the company’s software, and subsequently distributed to its customers, with victims including the US Treasury Department, the Pentagon and a university. More recent examples include the March 2024 attack on Discord’s Top.gg bot platform, in which developers were infected by malware.

  • Rise of the deepfake. Another high-profile threat is the use of deepfake technology in cyberattacks. Earlier this year, an employee of British engineering group Arup was tricked into paying fraudsters HK$200m (£20m) after scammers posed as senior officers of the company during a video call. Toh explains that deepfakes – in other words, “imagery, video or audio featuring a specific individual that is replaced with another person’s face or voice or manipulated to give the impression the individual did or said something they did not” – are becoming increasingly sophisticated with the acceleration of AI. He adds, “Organisations must be vigilant about identifying and removing these files and should participate in educating the broader public on the subject.”

  • Quantum computing. At the same time, Toh says the emerging quantum computing space calls for organisations to upgrade their security systems in the coming years. “In a recent KPMG survey, businesses said they are ‘extremely concerned’ about quantum computing’s potential to break through their data encryption,” he explains. “Respondents believe that ‘it is only a matter of time’ before cybercriminals are using the power of quantum to decrypt and disrupt today’s cybersecurity protocols.”

Adopting a cybersecurity framework

So how can treasurers protect their organisations from these risks? According to Wiley, treasurers can do so by implementing “comprehensive cybersecurity frameworks” that include regular risk assessments, employee training programmes, and investment in advanced security technologies. “Ensuring they are on the latest versions of their software and partnering with the right treasury technology vendors that hyper-focus on cyber-risk is also key,” he says.

Wiley adds that challenges may include staying ahead of rapidly evolving threats, ensuring compliance with regulatory requirements, and fostering a culture of awareness and preparedness within the organisation. “Furthermore, treasurers must balance the need for security with operational efficiency, often requiring significant resource allocation and ongoing vigilance.”

Promoting a culture of security

Eddie Toh, Partner, Cyber, Advisory, KPMG in Singapore, says it is “essential” that organisations promote a culture of security in corporate treasury. “Part of this includes, for example, raising employee awareness of the importance of cybersecurity and establishing policies and procedures to secure data and systems,” he adds.

When selecting a treasury management system (TMS), Toh argues that treasurers should prioritise systems with advanced security features that integrate seamlessly into the broader security framework. According to Toh, key security requirements include the following:

  • Multi-layered security architectures. These include firewalls, encryption techniques, two-factor authentication, and regular security updates.

  • Real-time monitoring and analysis. Being able to monitor and analyse transactions in real time is critical to detecting suspicious activity early.

  • User management and access control. Maintaining strong access controls and managing user permissions helps minimise the risk of internal threats.

  • Compliance and reporting. A TMS must facilitate compliance with relevant standards and regulations and have effective reporting capabilities.

How can technology help?

Wiley says that technology can significantly help corporate treasurers in their efforts to mitigate cyber risk. “Advanced analytics and machine learning can detect unusual patterns and potential threats in real-time, enabling swift action,” he says. “Additionally, implementing multi-factor authentication (MFA) and end-to-end encryption can protect sensitive financial data from unauthorised access. However, it is crucial to continually update and refine these technological solutions to address new and emerging threats effectively.”

When it comes to detecting deepfakes and other cyber risks, Toh notes that AI can help to defend against attacks and strengthen cybersecurity. “AI systems are capable of continuously analysing large amounts of transaction data to detect patterns and identify anomalies that indicate potential fraud or cyberattack,” he explains. “Through learning from historical data, AI models are able to distinguish normal from suspicious activity, even if it appears inconspicuous on the surface. As a result, it is possible to react quickly to potential threats, often before damage has occurred.”

Furthermore, by leveraging predictive analytics, AI systems can also anticipate future risks based on trends and patterns in the data collected. “These include predicting fraud attempts, cyberattacks and other security breaches,” says Toh, adding that such predictions will allow treasury teams to take preventative action to minimise risks before they materialise.

In particular, Toh says one of the standout features of AI systems is their ability to learn and adapt. “Given that cyber threats are constantly evolving, having a security system capable of learning from new attack methods and adapting its defences accordingly is critical,” he says. “AI models undergo continuous retraining with new data, which improves their effectiveness over time.”

But as Dessing points out, technology in cyber risk management can be both a blessing and a curse. “On one hand it helps mitigate the risk by identifying malicious software and phishing emails more efficiently,” he observes. “But the rise of AI will alter the arms race between threat actors and defenders. AI will enhance threat actor sophistication and reduce barriers to entry for threat actors.” To keep up with these developments, Dessing recommends increasing internal vigilance and partnering with technology vendors that are committed to staying one step ahead.

Combatting the cyber threat with technology

Neill Campbell, Strategic Advisor in the Cybersecurity practice of Datos Insights, explains the role of technology in mitigating the risk of cyberattacks:

  • CIAM system. According to Campbell, the “foundational technology” that any treasury should ensure it gets right is a strong Customer Identity and Access Management (CIAM) approach. “It is critical to ensure only those who should have access to treasury systems have access with no possibility of privilege escalation,” he explains. “A strong CIAM system can mitigate Account Takeover (ATO), session hijacking, man-in-the-middle (MITM), API abuse, insider threats and many more risks.”

  • Controlling critical data. Campbell also highlights the importance of ensuring control of critical data with strong access management controls. “Institutions face a proliferation of cloud-based deployments,” he notes. In a recent Datos Insights survey of 60 cyber risk leaders, the top concern was cloud security, with 33% focusing on cloud security as a top investment in 2025.

  • Artificial Intelligence (AI). Conversely, while AI is being “highly touted” in the marketplace as a tool for combatting cyberattacks, Campbell argues that the effective use of this technology in a defensive posture is “far more limited” compared to how attackers are harnessing this technology to increase the effectiveness of social engineering attacks. For example, a current trend involves adversaries using AI to make spear phishing messages more plausible. “Along with a strong access management programme, organisations need to focus on education,” he says.
