PhishingBox: Exceptional Support and Success Teams
A look at how PhishingBox’s tailored solutions and dedicated support teams fortify your defense.
What if your company lost $500,000? Would that be considered a catastrophic organizational failure?
There are plenty of examples, daily in fact, of the toll that cybersecurity breaches and phishing attacks take on companies, institutions, and associations of all sizes.
Perhaps one of the most alarming statistics is the financial loss often resulting from human error.
Here’s a recent examination from The Seattle Times of the Port of Seattle and a statewide audit that showed an alarming trend and some eyebrow-raising figures.
The Port of Seattle fell victim to a phishing attack. The scam began when an employee received an email appearing to be from the CEO of the Port. The email instructed the employee to wire $570,000 to a bank account in China. As a port dealing with importing and exporting, that may not seem an odd request, but from the CEO?
The employee was responsible for making payments on behalf of the Port, and so fulfilled the alleged executive request via wire transfer.
All but $50,000 was returned via an arduous process involving the authorities and the Port’s insurance provider.
For those familiar with cybersecurity awareness and phishing training programs, this example should have raised several red flags.
The scam email used a doppelganger domain that was similar to, but did not match, the executive’s actual email address. In today’s cybercrime-ridden digital landscape, it’s paramount to examine every request in great detail and verify the request’s legitimacy.
Again, perhaps an easy thing to remember for someone who has received adequate cybersecurity awareness training.
In this instance, however, the employee who made the mistake and carried out the fraudulent request had not received ANY cybersecurity training on how to identify, spot, avoid, and report suspicious correspondence and phishing attacks.
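The doppelganger-domain red flag described above can also be checked mechanically, for instance at the mail gateway or in a payment-approval workflow. The following Python code is an added example, not code from PhishingBox or from the audit; the trusted domain `port-admin.example`, the substitution table, and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: the organization's real mail domain (constructed placeholder).
TRUSTED_DOMAINS = {"port-admin.example"}

# Common look-alike substitutions (illustrative, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(domain):
    """Fold a domain to a comparison form: lowercase, no accents, swaps undone."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'external' for a From header value."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in trusted:
        return "trusted"
    for good in trusted:
        s_dom, s_good = skeleton(domain), skeleton(good)
        # Near miss (typo or character swap) or trusted name embedded elsewhere.
        if edit_distance(s_dom, s_good) <= max_distance or s_good in s_dom:
            return "lookalike"
    return "external"

# Constructed sample From headers, not taken from the incident.
SAMPLES = ["CEO <ceo@Port-Admin.example>", "CEO <ceo@p0rt-admin.example>",
           "CEO <ceo@port-adrnin.example>", "ap@vendor-mail.example"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A `lookalike` result on a message requesting a payment is a reason to hold the request and confirm it through a separate, known-good channel before any funds move.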
The importance of cybersecurity training cannot be overstated here. A recent Verizon Data Breach Investigations Report found that 94% of all malware is delivered via email, and that phishing attacks are the most common form of cyberattack.
Cybersecurity training and awareness programs help organizations identify and prevent this exact situation and mitigate the risk that phishing attacks present.
Proper employee and staff education should include how to recognize phishing emails, the common tactics cybercriminals utilize, a look at what themes and attack methods are on the horizon, how to report suspicious emails via an incident response plan, and how to avoid falling victim to these types of scams in general.
For the Port of Seattle, the consequences were real. $570,000 could have been lost forever if not for fast reaction by the authorities and insurance coverage. But it’s important to note that the more claims are made, the higher the premium for an organization that fails to take adequate proactive precautions to avoid cyberattacks where possible.
There’s no doubt some loss of public trust in the organization following a lack of adequate attention to detail and the ease with which more than half a million dollars was released.
The state auditor’s office found staff did not “consistently or adequately” adhere to the procedure in place designed to protect electronic funds and transfers, in addition to missing “key red flags” for phishing schemes.
The Port requires an “annual refresher” for employees and staff, but checking a box doesn’t always help people truly learn and understand the risk at hand.
The most alarming line from the Times piece was saved for last. “According to the (auditor’s) report, the Port of Seattle sent a total of more than $1.6 billion to vendors in 2021 and 2022. Statewide, over $28 million in public funds has been lost since 2016 due to phishing, the report says.”
It’s easy to see how even a transaction of $500,000 didn’t seem out of place when nearly a billion dollars is transferred to vendors annually, but the fact that more than $28 million has been lost statewide in Washington since 2016 should put every company, organization, financial institution, and beyond on notice.
To have your cybersecurity training program evaluated or to create a customized program from scratch, reach out via the request demo button on this page to schedule a tailored demonstration to best serve your specific needs.