The report focused on what the FBI calls “business email compromise” and what in InfoSec circles is known as CEO Fraud: cyber criminals pose as company executives to dupe staff into sending company funds to bank accounts controlled by the hackers. The FBI estimates such scams have led to a whopping 12 billion dollars in losses since 2013.
In some cases, attacks on these companies lasted months and were only discovered when law enforcement intervened. Each had securities listed on a national stock exchange and lost at least 1 million, though two lost more than 30 million and one lost more than 45 million.
Stephanie Avakian, Co-Director of the SEC Enforcement Division, said in a statement: "We did not charge the nine companies we investigated, but our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations."
Regulators and lawmakers are increasingly focused on the risks cyber criminals pose to companies and their customers following a series of high-profile incidents.
Not Just Public Companies
And it's not just public companies that are required to have internal controls to protect against risks like this. There is a lot of recent case law that shows you need to have defenses against social engineering in place. Any organization needs to have what the courts view as "Reasonable Cybersecurity".
Here Are Three Free Resources
When new spear phishing campaigns make it through all the filters—and about 10 to 15% do—it is vital that IT staff be alerted immediately. One of the easiest ways to convert your employees from "weakest link" into your "human firewall" is to roll out KnowBe4's free Phish Alert Button to your employees' desktops and mobile devices. Once installed, the Phish Alert Button allows your users—who today are your last line of defense—to sound the alarm when suspicious and potentially dangerous phishing emails make it into their inbox.