
Cybersecurity for the finance department: 4 threats you need to know


October is International Cyber Security Month, and this year the campaigns in Norway and internationally share several common themes. You may have seen slightly different messages, but the aim is the same: to make us all a little stronger and safer in our everyday digital lives.

Digital threats are becoming increasingly sophisticated, so we need to have both the right tools and knowledge to protect our business assets.

Here are 4 simple and smart steps you can take to stay safe:

  • Use strong passwords and a password manager.
  • Turn on multi-factor authentication (MFA).
  • Recognize and report scams (especially phishing).
  • Update software regularly.

According to national security authorities, more than 8 out of 10 Norwegian companies have experienced hacking attempts in the past year, and globally the number of cyber attacks has increased by as much as 80%.

It's high time to take this seriously.

The finance department: An attractive target for criminals

For those of you who work in accounting and finance, the risk is particularly clear. You manage your company's most sensitive data and assets, making you a prime target for cybercriminals.

Unfortunately, this is reflected in the statistics:

  • A 2025 survey shows that nearly 4 in 10 Norwegian accountants have suffered a data breach, phishing or ransomware attack in the past two years.
  • Over 60% of accounting and auditing firms consider the cyber threat to be critical. Yet only 25% have implemented advanced security measures.
  • Invoice fraud and misuse of login credentials are the most common forms of attack. As many as 8 out of 10 successful attacks are due to stolen usernames and passwords.

Both NSM and Kripos are clear: Traditional security measures are no longer enough. We need to move from believing that we won't be affected to understanding that it's a question of when. Investments in technology, continuous training and robust routines are crucial.

The 4 most common attacks you need to know about

There are many ways to be attacked, and new, intelligent methods of cyber attack are constantly emerging, but for Norwegian businesses there are four methods in particular that stand out.

1. Ransomware 🦠

This is the threat that the National Security Authority (NSM) considers to be the biggest challenge for Norwegian businesses. Attackers lock (encrypt) your company's files and systems and demand a ransom to restore access. Often, they also steal sensitive data and threaten to publish it if you don't pay.

  • Consequence: Complete downtime, huge financial losses and loss of reputation.

2. Phishing 🎣

This is by far the most common method of attack. Scammers send targeted emails that appear to come from a legitimate sender, such as a boss, a supplier or a bank. The aim is to trick employees into providing sensitive information such as passwords, or into clicking on a link that installs malware. Unfortunately, phishing scams targeting HR and finance departments are all too often successful.

  • Consequence: Can lead to data breaches and account hijacking, and is often the starting point for other, more serious attacks.

3. Business Email Compromise (BEC) 🕴️

This is a highly targeted and sophisticated form of phishing. The fraudster pretends to be an executive in the company (often the CEO or CFO) and sends an email to an employee in the finance department with instructions to urgently transfer money to a new account, often in connection with a "confidential acquisition". A well-known example is when hackers gained access to the email account at Rederiet Stenersen and sent false invoices directly to the accounting department, which were paid.

  • Consequence: Direct financial loss, often of large sums.

4. Supplier fraud (Invoice fraud) 🧾

This is a variant of director fraud (BEC) in which criminals either send a fake invoice or hijack the email correspondence with one of your real suppliers. They then send a message stating that the supplier has switched bank accounts and request that future payments go to the fraudster's account.

  • Consequence: Money is paid to the wrong recipient and is effectively lost.

These four threats are often interconnected.

A successful phishing attack can, for example, give fraudsters the access they need to carry out director fraud (BEC) or supplier fraud, or to install ransomware.

Security should be on the agenda every day, all year round. The point of a security month is to look up, learn more and reinforce good practices together.

We will regularly share tips and advice for a secure everyday life in the finance department.
