Hackers bombard a respected institution with a battery of malicious emails – a coordinated cyber attack. A handful of users fall prey to the bait and were hooked by Phishing attempts.
Sounds like the start to a crime novel, but it recently happened in Wichita, Kansas.
Earlier this month, Wichita State University employees provided hackers with access to their personal information on the University’s human resources system. In an email to employees, the University disclosed “a handful of employees had their direct deposit payroll diverted to another bank account, losing their full payroll amount.”
In short – the hackers convinced at least three people to give up their credentials, and those same hackers updated the direct deposit information on those accounts and were able to spirit away the money.
This type of hyper-focused attack (gaining access to a single user’s account on a known platform) is becoming more common, but users must remain focused on being the last line of defense.
The University agreed to make the employee’s whole, but most victims aren’t always so lucky.
Phishing Attempts Will Not Stop
It is easy to grow numb, but users should understand that Phishing will not stop. In the example of Wichita State University, something as simple as sending out a batch of emails to unsuspecting users yielded hackers thousands of dollars.
If there is profit, the attacks will continue.
Is Your Organization Vulnerable?
Phishing and other cyber attacks boil down to two recurring factors or themes:
Do you provide Security Awareness training?
- Condition users to be always on guard.
- Conduct ongoing user training, going beyond the yearly compliance training.
- Perform regular Security Awareness testing exercises to measure and manage a user’s behavior.
Is your Network properly managed?
- Remain up-to-date with emerging trends in cybersecurity.
- Perform security and system updates patching.
- Stay ‘alert’ through an always-on network and system monitoring.
Answering no or missing even one component to either question means your business is at greater risk.
How Umbrella Can Help – ITMS 3.0
Planning for the worst is how you prevent or recover from cyber attacks. The Umbrella ITMS 3.0 program can help your business improve system resiliency and put safeguards in place.
Unconvinced? What if you could find out if you are vulnerable?
Contact Us to schedule a Phishing and Ransomware Simulations. We will run a network resiliency tests to see how vulnerable your business, and its users, are to the latest threats.