A number of high-profile cyber-attacks in 2021 have thrust cybersecurity back into the spotlight. In light of the HAFNIUM hack, cybersecurity has become a major focus for many businesses. Although the hack itself was not the result of human error, it was a wake-up call for organisations to make sure they were fully protected.
The Department for Digital, Culture, Media and Sport (DCMS) revealed that phishing is still the most common cause of cybersecurity breaches, accounting for 83% of all successful attacks.
Phishing can result in dramatic financial losses for your business, as well as reputational damage; Aon identified damage to reputation as one of the three biggest effects of a cyber-attack.
Cyber-attacks can cost your business eye-watering sums of money in many ways. Here, we detail the most expensive cyber-attacks in recent years.
Fake invoice emails cost Google and Facebook £75 million
Many people think digital businesses are savvy when it comes to avoiding scams, but Google and Facebook proved this isn’t the case. The two behemoths fell victim to a scam that amounted to losses of over £75.5 million.
Hacker Evaldas Rimasauskas posed as Quanta, a Taiwan-based company that both Facebook and Google used as a vendor. He successfully fooled the companies by sending fake invoices that resulted in them wiring money to him. He was eventually convicted of wire fraud, but not before he swindled the businesses out of millions.
Both organisations were able to recover nearly half of the stolen money, but that still leaves over £35 million of lost cash.
Crelan Bank falls victim to CEO fraud and loses £57 million
In 2016, Crelan Bank lost over £57 million when employees fell victim to a sophisticated social engineering email scam known as CEO fraud.
The hacker was able to successfully gain access to the email account of a high-level executive. They managed to spoof the email account of the CEO by masking the sender as the CEO. The attacker then instructed the company’s employees to transfer money into a bank account controlled by them, all while posing as a high-level executive.
To this day, the identity of the hackers remains unknown, despite the fact that an internal audit revealed the attack.
£46 million loss for FACC after successful social engineering scam
Another email-based social engineering scam saw global aerospace company FACC lose £46 million.
Here, the CEO’s email address was infiltrated and used to dupe employees into transferring huge sums of money to a suspicious bank account. Unfortunately, an entry-level accounting employee ended up transferring the funds to the account, under the impression that it was part of an “acquisition project”, without doing their due diligence.
The CEO and CFO were fired as a result of this hack. The company also sued them due to their failure to set up “adequate internal controls and to meet their obligations of collegial cooperation and supervision”.
Were these attacks preventable?
There’s one thing all of these attacks have in common: a lack of cybersecurity awareness amongst employees. Human intelligence and comprehension is the best defence against phishing attacks. In fact, if your employees have a great grasp of cyber literacy, your business can be protected from some of the most common cyber-attacks that occur.
Human error is a huge factor in cyber-attacks – in fact, 90% of successful breaches are the result of human error. Hackers have a range of tactics to infiltrate your systems, but quite often, your employees can unwittingly give them the key to the front door. This could be through accidentally entering account information into suspicious websites, having a password that’s easy to guess, or not using two-factor authentication.
How can I prevent phishing attacks?
Most of the time, hackers using phishing attacks will pose either as a person known to the business, or a company known to you – like a partner, customer, or supplier. These sophisticated attacks can be difficult for users to spot; after all, we would naturally trust an email coming directly from the CEO of the company.
Here are a few quick tips to help you prevent these types of attacks:
- Have regular password changes every 30, 60, or 90 days and use strong passwords.
- Install two-factor authentication (2FA) for all employees.
- Enlist the help of a managed IT services business, which will hire the best and brightest minds in cybersecurity.
- Ensure all employees have taken cybersecurity awareness training.
- Have regular security health checks, including testing for weaknesses in both the systems and employee knowledge gaps.
If you receive a suspicious email purporting to be from someone you know, the best course of action is to speak to them directly. Verify the email with them personally before doing anything about it – no matter how urgent the email sounds. Ensure you do this through a communication method other than email, such as picking up the phone, speaking to them in person, or video calling.
Cyber-attacks can be costly, as proven by these examples. Even smaller businesses can fall victim to these attacks, so don’t assume you’re safe because your business isn’t as big as Facebook. In fact, 60% of small businesses that fall victim to a cyber-attack will go bust within six months. By taking this advice into consideration, you can prevent your business from falling victim to these increasingly sophisticated attacks.
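The header checks a mail filter could run to decide which messages need that out-of-band confirmation, as an added example that is not part of the original article. The organisation domain, vendor domain, executive name, similarity threshold and sample messages are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: use your own domain, vendors and staff names.
ORG_DOMAIN = "example.co.uk"
TRUSTED_DOMAINS = {ORG_DOMAIN, "vendor-example.com"}
EXECUTIVES = {"jane smith"}
PAYMENT_WORDS = ("invoice", "wire", "transfer", "bank details", "payment")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def bec_flags(raw):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    sender, flags = domain_of(addr), []
    # Display name claims an executive, but the address is not ours.
    if name.strip().lower() in EXECUTIVES and sender != ORG_DOMAIN:
        flags.append("executive name on external address")
    # Domain is nearly, but not exactly, one we trust (e.g. "1" for "l").
    if sender not in TRUSTED_DOMAINS and any(
            SequenceMatcher(None, sender, d).ratio() >= 0.85 for d in TRUSTED_DOMAINS):
        flags.append("lookalike of trusted domain")
    # Replies would go somewhere other than the apparent sender.
    if reply_to and domain_of(reply_to) != sender:
        flags.append("Reply-To domain differs from From")
    # The receiving server recorded a failed SPF, DKIM or DMARC check.
    auth = msg.get("Authentication-Results", "").lower()
    if any(f"{m}=fail" in auth for m in ("spf", "dkim", "dmarc")):
        flags.append("sender authentication failed")
    # A money request is only flagged when something above already looks wrong.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    if flags and any(w in text for w in PAYMENT_WORDS):
        flags.append("payment request")
    return flags

# Constructed sample messages (not real emails).
SPOOFED = ('From: "Jane Smith" <jane.smith@examp1e.co.uk>\n'
    "Reply-To: accounts@mail-example.net\n"
    "Authentication-Results: mx.example.co.uk; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Urgent acquisition project\n\n"
    "Please wire the funds today and keep this confidential.\n")
GENUINE = ('From: "Jane Smith" <jane.smith@example.co.uk>\n'
    "Authentication-Results: mx.example.co.uk; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Q3 invoice run\n\nThe usual payment batch is attached.\n")

print(bec_flags(SPOOFED), bec_flags(GENUINE))
```

A message from a compromised genuine mailbox passes every header check here, which is why the phone call remains the deciding control for payment requests.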
Credit: TSG, https://www.tsg.com/