The Cybersecurity problem gets worse by the day and as we have covered before, there is an increase in attacks targeting money-transfer. In fact, while ransomware isn’t going away any time soon, the sheer amount of money which can be scored from a wire transfer scam is so enormous that ransomware pales in comparison.
As we just wrote:
- Money transfer attacks occur when company employees are tricked into wiring money to a hacker account through what looks like a legitimate email from their boss or other authorized authority. By hacking mailboxes, malicious users can learn patterns and terms used by an organization and subsequently use these terms against them. Tens or hundreds of millions of dollars are lost by corporations each year through such attacks.
Some time back we wrote about Portnox and how they add visibility and control to help secure networks. The company continues to make progress – we just spoke with them today and they detailed how their products are getting better at helping their clients stay safe. They are focusing more on their cloud-based products these days as there is more demand in this area.
According to Ofer Amitai, the CEO, the biggest threat to corporate America today is all the IoT devices proliferating on the network. In addition, he thinks companies can be doing more to protect themselves – they can and they should. We agree.
But staying cybersecure is more than just technology and policy – both which are crucial to staying not only safe but compliant with FINRA, HIPAA, NIST, FCC guidelines, etc. Companies need to also train their teams – frequently, in an interactive setting. You can’t just run a YouTube video on a screen and call it a day. Most employees won’t absorb the information they need.
What happens if you don’t train your team properly? One example is the following: A staff member at MacEwan University in Edmonton recently sent $8 million US to a hacker thinking it was a vendor. The worst part is this happens all the time. Recently an MSP and MSSP in New York City I am involved with, had two companies in one month tell them they were hit with this scam – totaling in the hundreds of thousands of dollars.
Bottom line. Social media and the proliferation of passwords on the dark web have made it relatively easy for hackers to construct emails and send them to the right people within your organization to prompt them to wire money. Cybersecurity training may have been the only way to stop these sorts of attacks – ones which will eventually get to your organization.