Think a breach couldn’t happen to your organization? Think again!
Just prior to activating their Defendify platform, a 150-person company experienced a type of attack known as Business Email Compromise. A criminal hacker infiltrated their finance manager’s email account and sent well-crafted fake invoices to their customers. The hacker then carefully cleaned out the finance manager’s “sent” folder, and redirected replies to their own address. Then the hacker waited while payments came in.
The company only found out about the situation through conversations with their customers, who thought they had paid real invoices.
After the company activated their Defendify platform and reviewed some of the initial findings, it was immediately obvious that specific, knowable vulnerabilities had allowed the attack to take place:
- A Defendify Stolen Password Scan showed that 75% of the company’s employees had passwords compromised and accessible on the Dark Web.
- A Defendify Cybersecurity Health Checkup revealed that the company did not use two-factor authentication on their accounts.
Armed with this information, the company was able to take quick steps to remediate these vulnerabilities, including changing passwords to secure, unique passphrases, setting up two-factor authentication, and appropriately communicating with their customers. Now their Defendify Stolen Password Scan runs monthly to alert them to potential new compromises, and their Defendify Cybersecurity Health Checkup gives them a thorough list of other key areas upon which to improve.
This circumstance is not unique to any one organization or employee – a cyberattack can happen to any organization.
If you want additional help with any of the topics covered in this article, you can contact RoundTable Technology and we’d be happy to assist you.
Guest post written by Lydia Manchester and Brigham Prescott of Defendify.