1-888-643-2217 Email ABEX
Keeping you updated

Tag Archives: cyber risks

Cybercriminals Ruin Escrow Firm and Cause Job Losses

Hacker and laptop waiting for somethingEfficient Services Escrow Group of Irvine, California, was subjected to a $1.5 million Cyber heist that caused it to go out of business and lay off all 9 of its employees. Escrow companies are responsible for safeguarding funds, and if escrowed funds are at risk, the state regulator has the right to step in and protect those escrowed funds.

What went wrong?

Between December 2012 and January 2013, Efficient Services was hit with three separate fraudulent wire service transfers. These were from the company’s bank, First Foundation of Irvine, CA, to bank accounts in Russia and China.  The first $432,215 that left Efficient Services’ account on Dec. 17 was recovered from Russia, but two other wires totaling over $1.1 million, which were sent to China on Jan. 24 and Jan. 30, were not recovered.

Efficient Services reported its losses to the California Department of Corporations on February 22, which launched an investigation. On Feb. 28, The Department of Corporations froze the escrow company’s activity and noted that the company had previously had instances of negligent bookkeeping and record-keeping practices.

According to former Washington Post reporter and now fraud blogger Brian Krebs, who first reported the Efficient Services incident on Aug. 13, the bank initially thought the losses resulted from embezzlement, not an account hack.

Why is this important?

Since then, a state investigation determined that a cyber theft was to blame for the losses. The cause of the incident was a remote access Trojan virus that was planted in Efficient Services’ systems. Nonetheless, the escrow company, unable to make up for its losses, has closed.

This incident now stands as one of the largest account takeover cases on record, eclipsed only by the June 2010 Global Title Services theft, which resulted in $2 million in fraudulent transfers and just over $200,000 in unrecovered losses. 

Lessons Learned

In a case like this it is hard to determine whether the responsibility lies with the company or the bank.  No litigation has been filed yet, but a civil suit may be filed in order to resolve the issue of responsibility for this case. Regardless, the fact remains that a cyber security breach has caused the company to close its doors and terminate jobs. 

This cyber attack killed a viable business that was on its way to clear half a million in profits in 2014 and a million the year after.


Employee Data Leaks a Major Cyber Risk

Bradley Manning-1297457129899_ORIGINAL

U.S. soldier Bradley Manning is escorted out of a courthouse during his court martial at Fort Meade in Maryland, August, 20, 2013. (REUTERS/Jose Luis Magana)

The case of Bradley Manning, the U.S. soldier convicted of the biggest breach of classified data in the US history by providing files to WikiLeaks, highlights how employees can pose a major vulnerability to the internet security. 

In 2010, Manning turned over more than 700,000 classified files, battlefield videos and diplomatic cables to WikiLeaks, the pro transparency website, in a case that has commanded international attention. Manning was sentenced to 35 years in prison on Wednesday and this sentence is unprecedented in its magnitude for providing secret material to the media. Please click on the link to read more in the Toronto Sun article:  Bradley Manning sentenced to 35 years in WikiLeaks case

This case shows how some of the most damaging cyber-attacks involving deliberate policy violations come from within the business, in ways that many employers overlook when it comes to their cyber security. It’s an employer’s worst nightmare—an employee is dissatisfied with his or her job and decides to defraud or steal from the company. Employees can cause enormous damage by committing these crimes.

According to a 2012 occupational fraud report by the Association of Certified Fraud Examiners (ACFE), the typical organization loses 5 per cent of its annual revenue to fraud. It also reported that the median loss caused by fraud was $160,000. For a small company, this could mean the end of the business. Small businesses are more at risk because owners inherently treat their employees like family, leading to complacency and lax security measures. Small businesses also tend not to have anti-fraud measures in place as many lack the knowhow and enforcement capabilities of larger businesses. Nearly half of victim organizations do not recover any losses that they suffer due to fraud.*

ABEX has partnered with WatSec to provide employee security awareness training as part of our Cyber Risk Management Program.  The security awareness training prepares every staff member with the critical skills necessary to work productively while being vigilant for potential security threats. 

Please contact ABEX and WatSec for more information on how you can effectively manage your cyber risks.

 

*Source: ©2013 Zywave, Inc

Consider Your Email Exposure

Keyboard 2

Before sending, your employees should stop and think, “Would I like this email to be seen on the front page of my morning newspaper?”

Email is a standard for business communications. According to a study by the Radicati Group, the average corporate email user sends and receives about 112 email messages each day. Because email as a business tool is here to stay, companies need to take the time to recognize and manage the risks that electronic communications present.

Today, emails are some of the most important records recovered in discovery requests during litigation. With the false privacy email messages provide, people send and receive lots of information that they wouldn’t want others to know about. They don’t realize that information in emails is easily recovered as evidence during litigation, even if the email message was deleted, indicating who received what information and when.

To equip your organization with the right tools to prevent and protect against these risks, a group of employees should be assigned to develop guidelines and procedures regarding emails and other electronically stored information (ESI), such as instant message logs and electronic files. At least one member from the management, legal, information technology and human resources teams should be involved in this process to make sure that the best interests of the entire organization are met.  Click here to read more.

 


Cyber Risk Chat with WatSec

watsecLogoOn Monday April 8, 2013 the cyber risk experts from WatSec had a joint-live chat with CMA Ontario on Twitter.  The chat generated some very valuable tips and insights into Cyber Risk Management. WatSec® president, Doug Blakey, answered a variety of questions on the topic.   Click here to read some of the highlights from that eye-opening chat.

WatSec® helps organizations of all sizes manage overall cyber risk through a unique and practical combination of training, technology and insurance. WatSec® works with senior executives and business owners who understand the need to manage cyber risk, but are unsure how best to invest a limited budget.  Their ongoing WatSec TUF program highlights simple, effective ways to reduce your risk.  ABEX enables you to transfer any remaining risk from a position of strength through your insurance.  Click here to learn more.

 

 


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn