Two men looking at computer screens in the dark. Big game hunting puts treasuries at cyber fraud risk

Cyber criminals set their sights on treasury

So-called Big Game Hunting (BGH) puts large corporations at risk of losing huge sums. Treasuries must learn how to protect themselves.

Paul Gillen, Chief Information Security Officer, Barclays Europe and Helen Kelly, Head of Europe, Barclays Corporate Banking take a closer look at what 32%1 of treasurers have identified as their top regulatory concern over the year ahead.


1TMI and Barclays European Corporate Treasury Survey 2021^ (PDF).

  • How cyber-attacks manifest

    How cyber-attacks manifest

    With almost 1,400 recorded incidents1 in the first 7 months of 2021 and Big Game Hunting (BGH) on the rise, such attacks are a serious threat to corporations. BGH involves the use of “ransomware tactics, techniques and procedures (TTPs) to extort large sums by holding systems and/or data hostage,” explains Paul Gillen.

    Companies that can least afford downtime or have high-value intellectual property (IP) are prime targets and criminals will “hunt them down over weeks and months,” Gillen warns. In Q4 of 2020, the average downtime due to a ransomware attack was 21 days^ and the mean global cost of remediating an incident rose to $1.5m this year, up from $761,106 in 2020^.

    Fraudsters pose as legitimate sources and send emails that aim to trick people into divulging sensitive information or transferring money. Typically, there’s a link to a fake site.

    Alternatively, emails may contain an attachment or link which, when opened or clicked, allow criminals to access your system.

    1Cyber Defence Alliance, Ransomware-as-a-Service Alerts, 1 January 2021-31 July 2021.

    Equip your team for the fight against cybercrime


    Create a programme of ongoing education and training

    to ensure the treasury team understand how cybercrime works and what they can and should do to protect themselves and the business.


    Keep on top of evolving threats

    and communicate that throughout the business. Barclays offers regular webinars that can help as part of an awareness programme.


    Make sure your processes are robust,

    that any necessary changes are noted, and that the team is informed of new requirements, for example, multi-factor authentication. Also look to automate treasury processes where possible.


    Build a culture of openness

    where people aren’t afraid to speak up (and there are mechanisms to enable that) and where cybersecurity is seen as a collective responsibility.


    Regularly update anti-virus software

    and install any patches immediately when notified.


    Make it clear what steps a treasury team member should take

    if they feel that they may have fallen victim to a cyber-attack. This can facilitate a faster response and potentially reduce exposure.

    Mobilising human resources is essential in the fight against cybercrime.

  • The pandemic and evolving threats

    The pandemic and evolving threats

    “In early 2020, we saw organisations having to shift to entirely different ways of working, almost overnight,” Helen Kelly recalls. The rapid pivot in operating environments laid bare technological vulnerabilities in organisations around the world. Even when remote-working software and protocols were in place, cybercriminals continued leveraging Covid-19 as a theme for phishing emails. With employers and employees in a state of turmoil “logical thinking around cybercrime was put to one side and people clicked links that they wouldn’t have under normal circumstances,” Kelly believes.

    Initial access brokers (IABs)
    These groups sell access to victim organisations as a service, often collaborating with criminals who focus on malware development and execution. Paul Gillen adds that “many of the major IABs started off as developers of banking trojans, gradually adding network intrusion capabilities. They’ve been used during recent major cyber intrusion operations, and in some cases initial access may have been bought or sold by nation-state adversaries.”

    “The ransomware business model is evolving to focus on supply chain compromises and aggressive extortion tactics. Recent demands have been as high as $70m and gangs are carrying out around 35 attacks every week^,” Gillen continues.

    Ransomware-as-a-service (RaaS) and Distributed denial-of-service (DDoS)
    RaaS is a growing area of cybercrime, whereby criminals pay other gangs for the services they need to perform a ransomware attack. DDoS is used against online services to force higher-value ransom payments.

  • Treasuries beware

    Treasuries beware

    A successful ransomware attack on a business’ payment system could, according to Gillen, result in it facing “regulatory action due to compromised personally identifiable information [PII], loss of monetary assets and loss of service. In turn, this could lead to reputational damage and loss of customer trust.”

    Payment of ransoms is something treasurers must be extremely vigilant about. “Some corporates have paid them in order to bring services back online more rapidly, but we do not endorse the payment of money to criminal gangs,” Gillen firmly states. Not only does it encourage cybercriminals, “some ransomware operators are internationally sanctioned. Therefore, payments to such groups may cause an organisation to face regulatory or even legal action,” he adds.

    While ransomware is rightly front and centre of any discussion about cybercrime, the aforementioned banking trojans continue to evolve and carry out “sophisticated network intrusion, which can be devastating for corporations,” Gillen warns. He adds that the attacks can be silent, “without a ransom and with no red flags, such as the theft of IP.”

    CEO/CFO fraud, also known as business email compromise (BEC), has been a threat for years, but Covid-19 disruption has provided those who deploy it with new opportunities. Helen Kelly observes that, “BEC has found holes in some corporates’ armour in recent months.” The social engineering that informs a BEC attack is also becoming more sophisticated. “Senior company executives are at risk – arguably more than ever – with cybercriminals using online collection through social media and social engineering campaigns,” she adds.

    Invoice fraud also remains rife, with cybercriminals sending fake invoices or looking to change the bank details of an existing supplier to divert money. “Unexpected changes in personnel, bank account details or telephone numbers are red flags to watch for here,” advises Kelly.

  • Staying safe takes teamwork

    Staying safe takes teamwork

    "People are one of the best defences against cybercrime,” says Kelly. Gillen agrees, adding “Cybersecurity is a team sport. It’s not about looking at one function over another but examining how they work together and how threats might target the organisation through different pathways. A joined-up approach to cybersecurity is essential – and this extends beyond the four walls of the organisation to trusted business partners.”

    In addition to collaborating with trusted partners, Barclays deploys the latest technology behind the scenes to analyse customer behaviour and ensure it truly is the client that we’re interacting with. Any anomalies that are detected are flagged up to the client to ensure that a fraud is not occurring.

    We place significant emphasis on education and training, often working with organisations to help identify weaknesses in their cybersecurity protocols and bringing employees up to speed on threats to look out for. “I would encourage treasury leaders to hold regular sessions with their teams around the threat landscape,” advises Gillen. “Team members, no matter how junior, need to feel able to question instructions – even if they purport to be from the CFO or CEO. Reducing a sense of urgency should also be permitted where necessary. It is far better to stop and question payment instructions, and potentially send a payment late, than to send a fraudulent payment on time.”

    “Although it isn’t the cutting edge of cybersecurity, it is vital to pay attention to strong authentication, patching, monitoring, and risk oversight. Treasury will be easier to defend if everyone takes care of the fundamentals,” he notes.

    Kelly adds that automating processes to “reduce manual touch points decreases the number of opportunities for cybercriminals and fraudsters. Robotic process automation [RPA] can be applied to low-value, repeatable processes and then artificial intelligence [AI] can be layered on top to deliver more intelligent insights, in a safer environment.”

It’ll never happen to us

One of the biggest pitfalls to avoid when it comes to cybercrime is thinking that ‘it won’t happen to us’. Gillen and Kelly conclude with the following thoughts:

Cybercrime is extremely real. Businesses often make the mistake of thinking they have nothing of interest to cybercriminals. They could not be more wrong.

Paul Gillen

Chief Information Security Officer, Barclays Europe

Treasurers must take the lead and ensure their team is always ready to deal with the evolving threat landscape. Cybersecurity is no longer an add-on to the treasury role; it is the backbone for best practice.

Helen Kelly

Head of Europe, Barclays Corporate Banking

Important information

Content taken from article originally written^ by Eleanor Hill and published by Treasury Management International.

Where to next

Fraud Protection

Fraud Protection

Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.


Fraud trends targeting your business in 2021

Fraud is on the rise, but what are the trends that businesses need to look out for and how can they protect themselves? We talk to experts from the Fraud Advisory Panel to find out more.

Latest insights