Financial and Healthcare Insurance Industries Undertake Efforts to Combat Cybercrime and Phishing Attacks With KnowBe4 Internet Security Awareness Training
(CLEARWATER, Fla.) – Internet security awareness training firm KnowBe4 is advising small and medium enterprises to take heed of the recent PricewaterhouseCoopers (PwC) Global Economic Crime Survey, which reports that cybercrime is now among the top four economic crimes reported by businesses.(1) The PwC findings reveal that nearly 1 in 4 survey respondents experienced cybercrime incidents over the past year. KnowBe4 illustrates the potential repercussions in a cybercrime case study, which documents a financial industry cyberheist at a Utah credit union.
“As the PricewaterhouseCoopers survey shows, cybercrime continues to be an economic threat to businesses worldwide,” said Stu Sjouwerman, KnowBe4 founder and CEO. “In addition to direct financial losses, companies can also suffer loss of reputation – and loss of business – if customers’ personally identifiable information is stolen. Certain industries, such as financial services and healthcare insurance, are among those at greatest risk. That’s why it’s critical for organizations to have multiple levels of security in place, and to involve the entire enterprise in protecting corporate networks.”
The importance of cyber security measures is emphasized throughout the PwC report, which places the responsibility on business owners and senior management. “Traditionally, leaders have pigeonholed cyber security as an IT problem. But that’s a risk approach that could leave them open to attack,” warned William Beer, Director of Cyber Security Services for PwC UK. “Organizations need to make sure they have got the right defenses in place. And that is something that needs to come from the top.”(2) This advice also appears in PwC’s list of five ways to protect against economic crime, which argues in favor of: “Leadership by a cyber-savvy CEO, who instills a cyber risk-aware culture.”(3)
According to the World Economic Forum’s Global Risks Report 2012, “While significant resources have historically been needed to cause devastating consequences for geopolitical or corporate powers, it is increasingly possible for skilled individuals to do so remotely and anonymously through networked computer systems. … Any device connected to a network of any sort, in any way, can be compromised by an external party. Many such compromises have not yet been detected.”(4)
Through social engineering tactics, cybercriminals are able to target unwitting employees and circumvent security precautions. Sjouwerman cites a KnowBe4 case studydocumenting a cyberheist at the Treasury Credit Union, a federal financial institution in Salt Lake City, Utah. Despite the credit union’s antivirus protection, unknown perpetrators were able to infect an employee’s computer with malware and steal the worker’s login credentials – all without detection. The cyberthieves then proceeded to initiate a series of at least 70 wire transfers, mostly in increments of $5,000 or less. By the time the breach was noticed and the transfers halted, the unidentified cybercriminals had netted more than $100,000.
KnowBe4’s case study demonstrates that nobody is immune to cyber attacks, no matter how seemingly well-protected their systems appear to be. “Business owners have an obligation to ensure all personnel have formal Internet security training. They should also understand their attack footprint in terms of publicly available email addresses, and take appropriate precautions,” cautioned Sjouwerman.