Heed the warning in the story of a Virginia bank that was breached not once, but twice in an 8-month period!
While we’re all aware of the potential risks of cyber threats, most organizations think it will never happen to them… let alone more than once. The story of The National Bank of Blacksburg, in Virginia, should make you think twice about just how real the threat is to your organization.
Both breaches started with an employee falling prey to a phishing scam that gave attackers access to the infected endpoint and, via lateral movement, to another system. From these two systems, attackers had access to financial applications that gave them control over debit card transactions and anti-fraud protections, allowing them to withdraw funds from customer accounts.
The second attack was even more devastating: attackers gained control of an endpoint with access to a system that managed account credits and debits. After crediting over $2 million into accounts, and with their regained control over the same systems managing anti-fraud protections, they were able to withdraw funds from hundreds of ATMs.
The bank’s repeat breach has now come to light through a lawsuit in which the bank is suing its insurance company for not covering the losses from both breaches, totaling $2.4 million!
According to the 2018 Hiscox Cyber Readiness Report, 45% of organizations have suffered a cyber-attack in the last 12 months and, of those, 68% have experienced more than 2. And in cases like the one above, once a criminal understands your organization’s systems, and the value they can bring the cybercriminal, you become a more desirable victim.
In both attacks, users who fell for phishing scams were the weakest link. It’s only through a layered defense strategy that includes Security Awareness Training that you can minimize the possibility of a successful attack.
Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email firstname.lastname@example.org to request a quote for Security Awareness Training for your organization.