Posts

Showing posts with the label cyberattack

Cyberattack and the Risk to Wire Transfers

October is Cybersecurity Awareness Month, the perfect time to provide some common-sense tips to avoid a common risk facing businesses: business email compromise and wire fraud. Businesses of all shapes and sizes use email, and those accounts are susceptible to attempts to trick employees into providing sensitive information or sending money. The perpetrators of business email compromise scams send authentic-looking messages and use a sense of urgency to trick an employee into acting quickly without verifying the sender’s identity. With respect to wire fraud, bad actors have made a business of hacking into corporate email systems, perpetrating the “man in the middle attack” whereby the bad actor jumps into a conversation between individuals communicating by email. Often, this conversation involves discussion of a scheduled transaction, and the bad actor modifies wire instructions so the payment, which may be substantial, ends up with the bad actor, not the intended recipient. Typically...

What Companies Can Do To Protect Against Cyberattacks … and the Litigation That Often Follows

  Key Points Companies should critically a ssess the strength of their cybersecurity defenses against evolving threats, including third parties’ vulnerabilities. Recent changes in regulatory expectations for cybersecurity have underscored the need for board oversight of this potential risk. Many boards are now revisiting whether and how to assign cybersecurity oversight to a board committee. A well-designed governance framework for managing cybersecurity risks can help minimize the legal risks companies and directors will face after an attack. Companies that implement policies and procedures for rapidly reporting, escalating and thoroughly documenting the board’s oversight of cybersecurity issues will be well positioned to defend against post-attack litigation. Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI) , requiring boards of directors across all sectors to focus mor...

If a Cybersecurity Firm Can Fall For the Latest AI Workplace Scam, So Can You: 10 Steps to Protect Your Business

  A prominent cybersecurity training company just fell victim to an increasingly common scam when it hired a remote worker who turned out to be a North Korean cybercriminal that used AI deepfake tools to fake his identity and infiltrate the organization. The Florida-based company caught the would-be thief before he was able to steal any data, but he did attempt to load malware and execute unauthorized programs on firmwide systems in what could have been a damaging attack. “If something like this can happen to us, it can happen to almost anyone,” the CEO said in the wake of the cyberattack. What are the 10 things you can do to ensure you don’t fall for the same scam? What Happened? The Florida-based firm, which specializes in providing cybersecurity training across the globe, was hiring a remote software engineer for its internal IT AI team. It ended up hiring a remote worker for the job after a typical hiring process. It selected resumes from the applicant pool, conducted four vide...