Venue
Mannheim - Online

What is Qwoted?

Qwoted is a free expert network: we help reporters connect with experts & we help those same experts build relationships with top reporters.

Event Date Tue Sep 20 CEST (about 2 years ago)
In your timezone (EST): Mon Sep 19 6:00pm - Mon Sep 19 6:00pm
Location Mannheim - Online
Region EMEA
Details

Further development of attack patterns as a challenge.

Payment security is a subject that is constantly evolving and has thus become one of the greatest challenges in corporate treasury. Companies are challenged to protect themselves against increasingly sophisticated attacks - media reports on spectacular attacks confirm that it is worthwhile for fraudsters to invest criminal energy in the further development of the attacks.

Since we are constantly confronted with new cases of fraud in our consulting projects, we always have an up-to-date overview of the latest attack patterns. Together with our long-term IT security partner we present these and present the best practices for processes and technology in payment transactions.

Main topics:

Recognize "social engineering":
• “Phishing attacks” as the starting point for most attacks.
• "Vishing" and "SMSishing" easier than ever.
• “Deepfakes” can you believe your eyes and ears?
• “Business e-mail compromise” is becoming more sophisticated.

Understand attack patterns:
• “CEO fraud” and its innumerable further developments.
• "Payment Diversion" when payment methods change.
• "Fake invoice" if the wrong supplier reports.

Consider technical aspects:
• Illustration of the separation of functions and the four-eyes principle.
• Handling of administrator rights.
• Securing the communication channels between systems.
• Tamper-proof transmission of payment files.

Close security loopholes:
• Avoidance of critical overlaps in tasks and rights.
• Valid master data as the basis for secure processing.
• Manual payments as a "necessary evil".
• Special features of staff payments.
• Four eyes principle and two-way validation - a must or additional effort?

Group of participants:
Executives and employees from the finance and treasury area who are involved in the processing of payment transactions or who are responsible for them and who are interested in increasing security.

Goals:
After a presentation of the most important attack patterns, the payment transaction process is analyzed in terms of content and technology with regard to critical points and best practices are defined. Finally, the participants take part in a demonstration of a practical attack and gain insight into the Darknet.

Speakers

2022 Speakers

Thomas Dirnbauer
Senior Consultant, Schwabe, Ley & Greiner

Thomas Hackner
Managing Director, Hackner Security Intelligence

Hannes Lorenz
Security Consultant, Hackner Security Intelligence