School’s Back But Phishing Season's Still Open 

It’s that time of year again, school’s back in session. For many, that means putting down the fishing rod and picking up the books. However, not for cybercriminals whose phishing season never ends.

In a recent example, Macleans reported MacEwan University got “duped out of $11.8 million” in an apparent spear phishing incident. They explain how the criminals were extremely persistent, communicating for months with the finance department. Ultimately, officials were tricked by hackers into changing payments to go to what seemed like their vendor’s new bank.

It’s more proof that hackers don’t discriminate, like jumping in at an opportune time for a busy school system readying for the new academic year.

Today’s phishing emails are rampant and target all industries and organizations of all sizes. Hackers are getting better each day, carefully crafting seemingly authentic emails that seduce employees into clicking links, opening files, sending confidential information, or transferring money.

They’ve got a lot of tricks up their sleeves, and acting as a key vendor or customer are common ones.

Don’t be fooled, many of these cybercriminals are well schooled in their trade. They are methodical and patient, taking time to understand business relationships in preparation of an attack—something they can do by simply researching websites, social media channels, and news outlets.

So how does an employee get “schooled” by a hacker?

The business world is fast and furious, with deadlines and goals to be met. Cybercriminals know that and that’s where mistakes can be made. For example, we all encourage our teams to provide exceptional support and service. When a customer asks for something to be done, employees move quickly to facilitate, answering emails and phone calls with the end goal of keeping that customer happy. It makes sense. At the same time, it’s that same urgency that leaves us prone to errors, including not taking the time to verify details every step of the way—like an account number that’s changed in an email thread or a link that goes to a web page that has one character off.

We all need to slow down and business leaders need to build a culture of cyber awareness.

The ultimate goal should be to make every team member a defender of the organization and have clearly defined, tested, and trained procedures in place. This goes well beyond the finance department. Imagine how much sensitive data your sales, operations, or engineering teams have as well.

To develop a culture of cybersecurity, establish an ongoing cybersecurity program that includes regular awareness training, phishing simulations, and threat notifications. Prioritize education and testing so the next time your team gets phished, the hackers are the ones getting “schooled.”

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage is sure to enter the discussion. Maybe you’ve already delved into this topic, as cyber insurance has become an essential cornerstone of every information security program. Many overriding factors will affect your ability to obtain and retain the coverage you need at a reasonable rate—and a successful approach is tied closely to a comprehensive cybersecurity posture.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Faster. Smarter. Stronger.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One cybersecurity.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.