Pulled from the Headlines
Florida Principal
“I am a very smart lady. Well-educated. I fell for a scam.”
That was Dr. Jan McGee, the principal of a well-regarded charter school in Florida, speaking after she was forced to resign a few weeks ago.
She thought she was sending money to Elon Musk in exchange for an investment in her school.
The scammer pretended to be Musk’s partner and communicated with her for at least 4 months. She then wrote a check from the school’s account for twice the amount she had authorization for. Luckily, the check was stopped before it was cleared.
It is also reported that staff at the school had told her it was fraud.
Federal Reserve Chairman Powell
You’ve probably seen this in the news over the past few days. Fed chair Jerome Powell’s call in January was not with Ukrainian President Zelensky but actually with a Russian comedy duo.
A video is circulating on the internet, but a spokesperson from the Federal Reserve says it has been edited, so they cannot confirm that it’s authentic. It could be a deepfake. They also say no sensitive or confidential information was exchanged during the 15-minute call.
The duo is known to support Putin and has pulled this kind of prank before. The BBC reports Canadian Prime Minister Justin Trudeau, European Central Bank Chief Christine Lagarde, and Elton John have all been targets of the duo.
What Does This Mean for Your Business?
Scams don’t just happen to dumb, careless people. Everyone needs to be alert.
Put the right processes with checks and balances in place, and your organization can avoid a lot of headaches.
When the Math Doesn’t Quite Add Up – Interesting Stats
Get a high-level view of the cybersecurity landscape today with some interesting statistics from 2 recent reports.
- Fortinet’s 2023 Global Ransomware Report
This study seems to show that the majority of organizations say they take the ransomware threat seriously…yet fall victim nonetheless.
- 78% of cybersecurity leaders say they are ‘very’ or ‘extremely’ prepared to stop ransomware attacks.
- 91% say ransomware was either the ‘most important’ or a top 3 priority.
And yet
- 50% of organizations were a victim of ransomware in the last 12 months.
Plus, it’s worth noting that 67% of organizations were a target of a ransomware attack and 46% were targeted two or more times.
Fortinet also says scam emails remained the top initial attack vector in more than half of the attacks.
- Identity Theft Research Center’s Q1 2023 Data Breach Analysis
The image above shows overall stats from this report. But here’s the main takeaway:
Many (which is too many) organizations do not know how to find the root cause of an attack resulting in a data breach. And if you can’t find the root cause, you can’t be sure you’ve addressed the vulnerability.
- In this report, Q1 saw 445 reported data breaches, down from 512 the previous quarter. That’s good.
- However, the percentage of breaches where there was no actionable information about the root cause of the compromise increased to 42%. That’s bad.
- And just for fun, no root cause could be identified for 60% of the top ten data breaches reported.
As KnowBe4 explains, “Not knowing how threat actors got in leaves the door open for continued leverage of the likely persistence established to either attack again or sell off the access to another threat group.”
KnowBe4 also points out that “Even without knowing the root cause, there are really only three major initial attack vectors to address:
- RDP access (simple fix: get rid of any external remote access),
- vulnerabilities (a bit tougher, but patch and scan for vulnerabilities), and
- email attacks (address with a layered set of security solutions matched with a user base that is enrolled in continual security awareness training to ensure any malicious content that gets past security solutions is spotted by users before they unwittingly help the attacker).”
What Does This Mean for Your Business?
Think about cybersecurity like that line from Law Abiding Citizen – “It’s not what you know; it’s what you can prove.”
Don’t just say cybersecurity is important to your business. Invest time and tools into protecting yourself.
Don’t just believe you have the right systems and protections in place. Test them.
Don’t just think your team knows how to handle fishy messages. Train them.
Don’t just know you should have strong, unique passwords and MFA enabled. Actually do it.
Before you wish you had.