Cybersecurity Awareness Month: Horror stories

When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.

October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are kept anonymous to avoid any negative impact. Suffering a cyber incident is bad enough.)

The ultimate clickbait victim

A construction company suffered a significant theft, with money transferred from the organization to a bad actor. Needless to say, the boss wasn’t happy, and since the incident involved a financial loss, it was brought to the attention of federal authorities.

Upon review of the incident details, it was discovered that a user had a habit of clicking on links in emails — not just any links, but all of them! This user failed everything taught in the awareness training and repeatedly fell victim to phishing schemes. Even more concerning, this was known to management and ownership.

Further investigation uncovered that during the security incident and subsequent network compromise, official company forms were stolen and used against the organization. The threat actor used these official forms to move money and alter vendor payment information, as well as employee payroll direct deposits.

But perhaps the scariest part of the story is that the user, known to click on everything imaginable, was st ..

