Suited man holding a tablet with a lock graphic spiraling

Protect Your Business by Staying Ahead of Hackers

April 18, 2019

Protect Your Business by Staying Ahead of Hackers

Synopsis
3 Minute Read

Knowing what to do when an incident is identified and acting effectively within the first 24 hours is equally important. Effective response can help you recover and prevent losses by means of immediate actions.

Partner, National Leader, Cyber Security

Cyber attacks are evolving. Is your cyber security plan evolving too?

The City of Ottawa’s treasurer fell victim to a popular cyber attack technique known as “whaling”. This threat compromises the email account(s) of a person in authority at an organization and sends email requests to personnel -- at the organization or a trusted third party -- to perform an action. In this case, the attacker requested a payment be made to a new wire address.

These organized criminals or threat groups responsible for these forms of attacks often have a high success rate. MNP’s Cyber Incident Response team has responded to dozens of these incidents for both private and public organizations. The financial loss of some organizations from a single whaling request exceeds $100,000 USD and can total in the millions of dollars.

The City of Ottawa is in a fortunate position as the RCMP and the U.S. Secret Service have identified the likely fraudster involved and the City may recover some of its lost funds. For most organizations in this predicament, they are not so fortunate and typically do not recover any of their lost funds. Without the proper insurance, they may need to pay for this event in full.

Why is this form of attack resulting in unauthorized wire transfer so prevalent? Because it is easy. Attackers put in the minimum amount of effort required to achieve their goal. Successful phishing of an organization is easy and compromising the trust system between people is simple. Once this stops being easy, attackers will find some other attack that is easy to achieve their goals.

This loss could have been avoided. CTV News reports that a similar attack within the City of Ottawa’s environment became evident in early 2018, however it was not reported. We cannot speculate on the exact details of the event, however, had that event been reported, the City could have regarded the event as a probable loss had it been successful, resulting in implementation of preventive and mitigative controls.

The incident is the pinnacle point that cyber security addresses. For organizations looking to defend against attackers, they must have three main practices: prevent, anticipate, and mitigate and respond. Effective threat intelligence processes can identify whaling as a prevalent attack being used globally and potentially against the organization itself, allowing the organization to address the attack by putting specific controls in place to prevent, anticipate, mitigate and respond. Your organization can stay one step ahead of the attacker.

Knowing what to do when an incident is identified and acting effectively within the first 24 hours is equally important. Effective response can help you recover and prevent losses by means of immediate actions, like identifying the unauthorized wire transfer mid-approval, halting it and removing the threat from the environment.

To learn more about defending your organization against cyber attacks, contact Danny Timmins, National Leader, Cyber Security 905.607.9777 [email protected] or Sam Smagala, Senior Consultant, Cyber Security, 905.607.9777, [email protected] .

Insights

  • Confidence

    December 01, 2021

    The path to pharmacy ownership : Start-ups and acquisitions

    If you’re looking to make the leap from employee to owner of a pharmacy, consider some practical information on what it takes - from a financial capital, strategy, legal, and tax planning approach.

  • Confidence

    December 01, 2021

    Sealing the leaks: how to create an airtight case

    Disparate and dirty data can significantly slow down forensic investigations. Here’s how digital data reconstruction can help.

  • Confidence

    December 01, 2021

    Designing Compelling and Sustainable Dashboards

    Following a few simple guidelines will increase the odds of designing and building dashboards that are accessible, relevant, and most importantly – used!