Recently, Tallahassee, FL, fell victim to a cyber attack that cost the city nearly half a million dollars.
This high-profile security breach serves as a model cautionary tale but is unfortunately just one of many costly cyber attacks that target companies, businesses, schools, and cities. Though $500,000 may seem excessive, the average cost of a cyber attack is greater than $1 million. Though hackers show no sign of slowing, understanding Tallahassee's attack can help companies and businesses prepare for costly breaches, starting with end-user security.
Tallahassee's Expensive Cybersecurity Attack
Fortunately, Tallahassee has already started to recover a portion of the $498,000 that was stolen. Meanwhile, investigators have unpacked some of the details of the attack.
Believed to be orchestrated by a foreign party, the hackers targeted the city's third-party payroll vendor and diverted employees' direct deposit pay. Though it is unclear how the hackers managed to infiltrate the system, officials discovered that this was the city's second major breach in the past month. A month previously, the City Manager had unwittingly sent out a virus-containing phishing email to fellow employees.
Though officials do not believe the City Manager's initial phishing email was related to the $500,000 payroll attack, cybersecurity experts interviewed by USA Today were quick to state that hackers often use the most simple means to topple secure networks: email. These emails target the end-user in a business or company, quickly introducing viruses and collecting data.
The Cost of Simple Phishing Scams
One thing is clear from Tallahassee's cyber attack: phishing attacks are a simple, common, and effective social engineering method used by hackers worldwide. Hackers use these attacks to perform a variety of illegal acts:
- Install malware in a system
- Steal sensitive information and data
- Gather login credentials
Incredibly, phishing scams cost half a billion dollars yearly for American businesses by merely targeting unwary end-users. Employee negligence when it comes to cybersecurity constitutes the biggest cybersecurity risk in the U.S. In fact, a recent study indicated that 27% of employees would fail a phishing test.
Often, attacks target employees in deceptively simple ways. For example, hackers might send employees an "official-looking" email that asks them to update their login credentials, thereby poaching valuable security information. Or an email might ask an employee to open a Dropbox link that contains a security-compromising virus. Whatever the case, one simple mistake can quickly escalate into an expensive breach similar to Tallahassee's.
Preventing Cyber Attacks: Train End-Users in Security Awareness
The best way to prevent cyber attacks is through a comprehensive network security strategy that includes security awareness training. Trained security consultants can help prepare your employees for attacks in a variety of ways:
- Education & Information. If employees do not know what a phishing attack looks like, they will be way more vulnerable to clicking on malicious links or visiting dangerous websites. Therefore, proper security awareness training provides employees with generalized education and training on what phishing attacks look like, how to adequately report suspected scams, and how to recognize false domain names.
- Password Policies. Strong password policies ensure that employees are familiar with the oft-ignored basics. For example, employees must be coached to keep password info private, log off of unattended devices, and avoid updating password information through links sent in emails.
- Personal Devices. Incredibly, 2018 saw 25% of healthcare organizations suffering a breach through a mobile device. With more and more employees using personal technology like cell phones and mobile devices, training needs to cover the risks of using public Wi-Fi networks, leaving devices unlocked, and encrypting sensitive emails.
- Testing. To ensure that employees grasp their training information, a solid security awareness program includes frequent tests — such as imitation phishing emails — that gauge end-user comprehension of cybersecurity.
Tallahassee's massive breach is alarming but offers an educational opportunity for U.S. businesses. By bolstering network security at every level — especially for end-users — companies can stave off the daily onslaught of hacking attempts.
Total Computer Solutions provides businesses with the Cyber Security Awareness Training they need to keep employees educated, aware, and proactive about cyber attacks. For more information, please contact us today.