Tag: #cybersecurity

Dell Technologies Strengthens Cyber Resiliency with Multicloud Data Protection and Security Innovations

Dell Technologies (NYSE:DELL) is expanding its industry leadership in data protection appliances and software1 to help customers protect their data on premises, in public clouds and at the edge.

The Dell PowerProtect Data Manager Appliance leads a series of advancements for multicloud data protection that are simple to use and easy to consume. Dell innovation in AI-powered resilience and operational security accelerates the adoption of Zero Trust architectures, helping protect organisations from the increasing threat of cyberattacks.

The new solutions help address rising data protection challenges facing organisations. According to the 2022 Dell Global Data Protection Index (GDPI) survey, organisations have experienced higher levels of natural and modern disasters than in

previous years, resulting in more data loss, downtime and recovery costs. In the past year, cyberattacks accounted for 48% of all disasters (up from 37% in 2021), leading all other causes of data disruption. The survey also revealed 85% of organisations using multiple data protection vendors see a benefit in reducing their number of vendors. Furthermore, it revealed that organisations using a single data protection vendor incurred 34% less cost recovering from cyberattacks or other cyber incidents than those who used multiple vendors.

“With virtually everything connected to the internet in today’s digital world, the need to protect valuable data is more important than ever,” said Jeff Boudreau, president and general manager, Infrastructure Solutions Group, Dell Technologies. “This digital landscape requires a modern data protection and security strategy to address cyber threats. Point solutions don’t go deep or wide enough to help protect organisations. Dell helps customers strengthen cyber resiliency by offering integrated data protection software, systems and services to help ensure data and applications are protected and resilient wherever they live.”

The GDPI survey found that 91% of organisations are either aware of or planning to deploy a Zero Trust architecture – a cybersecurity model that shifts how organisations approach security from relying solely on perimeter defences to a proactive strategy that only allows known, authorized traffic across system boundaries and data pipelines. However, only 23% are deploying a Zero Trust model and 12% are fully deployed. With embedded security features, designed into the hardware, firmware and security control points, Dell’s holistic approach helps organisations achieve Zero Trust architectures to strengthen cyber resiliency and reduce security complexity.

The simplest path to modern data protection

Dell continues to deliver innovation for its data protection software, Dell PowerProtect Data Manager, to help organisations simplify their IT operations and reduce risk. PowerProtect Data Manager software addresses the increasing need for cyber resiliency and supports Zero Trust principles with new built-in operational security capabilities, such as multifactor authentication, dual authorization, and role-based access controls.

The Dell PowerProtect Data Manager Appliance offers a simple path to adopt modern data protection. The debut system is ideal for small and mid-sized use cases with support that scales from 12 to 96 terabytes of data.

The appliance offers customers a:

  • Modern, software-defined architecture: Allows automated discovery and protection of assets and delivers unique VMware protection to ensure the availability of all VMs without business disruption.
  • Secure, cyber resilient solution: Provides more secure access to restricted functions with Identity and Access Management to strengthen cyber resiliency.
  • Simple, unified user experience: Delivers software-defined data protection, making it easy to deploy and use.

“Dell PowerProtect Data Manager simplifies our backup environment, giving us the business agility needed to protect our data as we digitally transform,” said James McNair, vice president, distributed systems manager, Trustmark Bank. “With the new Dell PowerProtect Data Manager Appliance, we can more simply deploy Data Manager across our infrastructure, helping us be more efficient and strengthening our cyber resiliency.”

Dell expands cyber recovery for fast, easy-to-deploy public cloud vaults

PowerProtect Cyber Recovery for Google Cloud enables customers to deploy an isolated cyber vault in Google Cloud to more securely separate and protect data from a cyberattack. Unlike standard cloud-based backup solutions, access to management interfaces is locked down by networking controls and can require separate security credentials and multi-factor authentication for access.

Organisations can use their existing Google Cloud subscription for purchasing PowerProtect Cyber Recovery through the Google Cloud Marketplace, and the service can be acquired directly from Dell and its channel partners.

The new offering marks the latest expansion of Dell’s cyber recovery capabilities for public clouds, following this year’s introduction of Dell PowerProtect for Microsoft Azure and CyberSense for Dell PowerProtect Cyber Recovery for AWS.

 Dell APEX simplifies backup storage with flexible consumption options

 Dell APEX Data Storage Services is expanding to offer a Backup Target option to provide a more secure backup storage in a pay-per-use, flexible consumption model. The Backup Target service is easy for customers to adopt and streamlines the process of purchasing, deploying and maintaining backup storage. Building on Dell’s data appliance and data protection leadership, the Backup Target helps reduce a customer’s storage footprint and can increase data availability.

The new Dell APEX Data Storage Services Backup Target offer will support the increasing reliance on as-a-Service offerings to help overcome data protection challenges. Nearly every GDPI respondent (99%) identified at least one as-a-Service offering as a high priority to help overcome challenges for their organisation. Storage as-a-Service (44%), Cyber Recovery as-a-Service (41%), and Backup as-a-Service (40%) ranked as the top three as-a-Service priorities.

Additional quote

Seife Teklu, senior solutions architect, Arrow Electronics

“The integrated Dell PowerProtect Data Manager Appliance is easy to use and quick to deploy. This system will be a compelling option for our small to medium-sized customers needing to modernize data protection to help reduce risk and ensure business continuity.” 

Availability

  • Dell PowerProtect Data Manager Appliance is globally available this month in more than 15 countries across North America, Latin America, Europe and Asia Pacific.
  • Dell PowerProtect Data Manager software is globally available today.
  • Dell PowerProtect Cyber Recovery for Google Cloud Platform is globally available today.
  • Dell APEX Data Storage Services Backup Target will be globally available in the first quarter of 2023 in 16 countries across North America, Europe and Asia Pacific.

How can you improve the cyber security of your business?

In the digital age we live in, most of the work produced by businesses is online which leaves them susceptible to cyber-attacks. In September 2022, there were more than 35 million compromised records as a result of cyber-attacks and data breaches which puts people’s personal information at risk of falling into the wrong hands. 

To combat this, businesses will need to improve their cyber security to keep their information, their employee’s information and their customer’s data safe. Failure to do this may lead to a lack of trust in the company.

What is cyber security?

Cyber security is the level of protection your online systems have. If this is weak then you could be compromised and lose valuable and sensitive data to cyber criminals. This is why it’s important to take every step against this. This starts with looking over your entire system to find potential weak points that attackers could exploit. Once a team of experts finishes an IT security audit and identifies these risks, you can take steps to improve your cyber security and protect your business. Taking the right measures greatly reduces the risk of being attacked and is a vital part of running a business in today’s digital world.

How can companies bolster their cyber security?

There are numerous ways for business owners to increase their security depending on their budget. This includes:

Antivirus software

Your first line of defence is good antivirus software to protect your devices from malware attacks. It will detect potential attacks and remove any threats to your computer or laptop. There are many types of malware that can affect your laptop and antivirus software can often protect you from them all.

Training staff

The main weakness of your cyber security as a business is the people within the business. They may be the ones to allow malware to get into your business because they don’t know how to spot it. That’s why you should make sure to train all staff on how to spot phishing attempts and cyber-criminal activity. Consider partnering with experts like SupercityOS out of Dartmouth, NS, an IT company specializing in cyber security training, to provide comprehensive training programs for your staff. This proactive approach ensures that your team is well-equipped to identify and mitigate potential cyber threats, enhancing the overall security posture of your business in today’s digital world.

Using password software

Using a password generator and storage software will help you and your employees to generate high-strength passwords that are very difficult to guess. This is much better than allowing employees to create their own passwords which may be easier to guess and breach. Most people reuse passwords, so if your employee’s personal devices are hacked then the cyber criminal may then target their work devices.

Don’t forget about physical security

Similarly, your business’ data can’t just be compromised online through hacking but it can also be obtained physically through a breach of property. You can protect your office using a drill to secure locks to doors so they cannot be opened whilst the office is not in use. It is also recommended for employees to have lanyards to pass through security gates so that only employees can enter the office.

Don’t leave your company’s data to chance and allow hackers to steal it all. Implement the strategies above so you don’t have a cyber-attack down the line.

 

62% of consumers still choosing to use repeat passwords despite surge in cybersecurity breaches and education, LastPass research reveals

LastPass has released findings from its fifth annual Psychology of Password findings, which revealed even with cybersecurity education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviours across the board. In addition, LastPass found that while 65% of all respondents have some form of cybersecurity education – through school, work, social media, books or courses – the reality is that 62% almost always or mostly use the same or variation of a password.

The goal of the LastPass Psychology of Passwords research is to showcase how password management education and use can secure users’ online lives, transforming unpredictable behaviour into real and secure password competence. The survey, which explored the password security behaviours of 3,750 professionals across seven countries, asked about respondents’ mindset and behaviours surrounding their online security. The findings highlighted a clear disconnect between high confidence when it comes to their password management and their unsafe actions. While the majority of professionals surveyed claimed to be confident in their current password management, this doesn’t translate to safer online behaviour and can create a detrimental false sense of safety.

Key findings from the research include:

  • Gen Z is confident when it comes to their password management, while also being the biggest offenders of poor password hygiene. As the generation who has lived most of their lives online, Gen Z (1997 – 2012) believes their password methods to be “very safe”. They are the most likely to create stronger passwords for social media and entertainment accounts, compared to other generations.

However, Gen Z is also more likely to recognise that using the same or similar password for multiple logins is a risk, but they use a variation of a single password 69% of the time, alongside Millennials (1981 –1996) who do this 66% of the time. On the other hand, Gen Z is the generation most likely to use memorisation to keep track of their passwords ( 51%), with Boomers (1946 – 1964) the least likely to memorise their passwords at 38%.

  • Cybersecurity education doesn’t necessarily translate to action. With 65% of those surveyed claiming to have some type of cybersecurity education, the majority (79%) found their education to be effective, whether formal or informal. But of those who received cybersecurity education, only 31% stopped reusing passwords. And only 25% started using a password manager.
  • Confidence creates a false sense of password security. While 89% of respondents acknowledged that using the same password or variation is a risk, only 12% use different passwords for different accounts, and 62% always or mostly use the same password or a variation. To add to that, compared to last year, people are now increasingly using variations of the same password, with 41% in 2022 vs. 36% in 2021.

“Our latest research showcases that even in the face of a pandemic, where we spent more time online amid rising cyberattacks, there continues to be a disconnect for people when it comes to protecting their digital lives,” said Christofer Hoff, Chief Secure Technology Officer for LastPass. “The reality is that even though nearly two-thirds of respondents have some form of cybersecurity education, it is not being put into practice for varying reasons. For both consumers and businesses, a password manager is a simple step to keep your accounts safe and secure.”

For more information and to download the full Psychology of Passwords research findings, please click here.

Irish Girl Guides Develop their Cyber Powers During Cyber Security Awareness Month

The Irish Girl Guides (IGG) have partnered with Bank of America to promote cyber safety, with the launch of a new Cybersecurity Badge for their Ladybird, Brownie, and Guide branches. At a time when cybercrime is costing the Irish economy c.€9.6bn per annum and over half of children have confirmed that they have been cyberbullied, the new partnership between the Irish Girl Guides and Bank of America that this year alone will benefit over 2,300 girls, age 5-17 yrs and support them in developing cybersecurity skills.

The launch of the new Cybersecurity Badge programme, created by Dublin based cyber security and technology experts is designed to promote the responsible use of technology and teach the Girl Guides how to stay safe online while also showing the girls and young women the exciting uses and opportunities within the technology industry.

Partnering with Bank of America and its highly skilled team of technology experts enabled IGG to develop a bespoke age-appropriate curriculum that encourages girls and young women to explore different aspects of technology in a responsible, fun and educational way. The women within the technology sector of Bank of America represent great models for the Girl Guides to follow as they show the girls what hard work and determination achieves. Ultimately, this partnership is an amazing opportunity that further supports IGG mission in enabling girls to discover their full potential and become responsible, savvy users of technology.

Roisin Mills, the Brownie Branch Chairperson of Irish Girl Guides, is especially enthusiastic about this partnership saying, “Working in the IT industry as I do, I feel it is really important for all to know how to stay safe online. This badge programme developed by IGG with support from Bank of America will help our girls develop knowledge about how to practice safety and precaution online in a fun and memorable way. This is only the first step in building a foundation and interest in STEM; inspiring girls to uncover their potential and introduce them to the possibility of a career in the STEM field. I cannot wait for my Brownies and Guides to complete the badge!”

It is no coincidence that the Irish Girl Guides chose the month of October in which to launch this badge. October is globally known as International Cybersecurity Awareness Month (ICSAM); a month-long public awareness campaign between governments and industry, which aims to raise public awareness about cyber security best practices, and how to stay safe online wherever you are in the world. To celebrate the launch of the badge programme coinciding with ICSAM, the Irish Girl Guides have released a very special cyber edition of their seasonal magazine, Trefoil News.

Michelle Garrigan, Cyber Threat Intelligence Lead for Europe, Middle East and Africa at Bank of America said: “Bank of America is delighted to support the development of IGG’s new Cybersecurity Badge. Educating young women and girls on cybersecurity and staying safe online has become increasingly important in today’s technology driven world, and our team of technology experts are proud to have supported the development of this new and modern badge to the Irish Girl Guides curriculum which will benefit over 2,300 members.”

The Cybersecurity Badge programme offers a unique opportunity to learn about personal security from an early age and develop good practices that will serve them well for years to come. Each badge is comprised of activities and games that teach girls and young women taking part the foundations to prevent cyber risks and the appropriate protocol when encountering them. This badge programme which supports each of the Girl Guide branches, covers important topics such as the basics of technology and the internet, password security, risks associated with information sharing, and teaches the girls how to spot online scams.

Claire Barkey, CEO of Irish Girl Guides, believes the awareness of cybersecurity is crucial for young girls and women; “Thanks to the support of Bank of America, IGG have been able to revitalise badges that support an awareness of cyber safety at a time when it is  important for young girls and parents to be familiar with the opportunities and challenges online.  IGG take great pride in ensuring our programme is relevant and contemporary for our members and supporting young girls to understand different aspects of the IT industry will promote opportunities in STEM moving forward.  We are excited to partner with BOA and look forward to more opportunities for collaboration!”

Phishing emails revealed as biggest cybersecurity threat to SMEs but 50% don’t have security solution in place

A brand-new Cyber Security Pack has been created by Magnet+, Ireland’s largest connectivity network, to help Irish businesses protect themselves against the significant rise in phishing emails as well as other types of vulnerabilities, threats or breaches.

This new product was especially devised by Magnet+ and its security partner Exponential-e, following research conducted by the company which revealed that almost one in four businesses say that email attachments pose the greatest cyber security threat to their business. However, the survey also revealed that 50% of businesses have not implemented an email security solution to prevent this.

So, what does “Phishing” actually mean?

“Phishing” occurs when a cybercriminal impersonates a reputable business or person in an email or other form of communication such as SMS or direct message on social media. Phishing emails often contain malicious links or harmful attachments that can be used to steal confidential user data such as login credentials or credit card numbers. Opening an unknown and potentially unsafe email attachment can have a detrimental impact on any business – not only in terms of financial loss and loss of business, but also reputational damage.

How will the Magnet+ Cyber Security Pack help businesses?

One element of the new product involves engaging a simulated Email Phishing Campaign that will test employee’s security awareness and see if they open a phishing attachment or not. Results will be reported, highlighting any areas for improvement while follow-up training videos will also be offered to staff.

Other elements of the new Cyber Security Pack from Magnet+, which brings a unique mix of services together for the first time making it a beneficial tool if you are planning to invest in cyber security insurance include:

  • A monthly vulnerability scan which will identify weaknesses within your existing security systems by mimicking the actions of the most effective cybercriminals and offer advice on where your business should implement any extra required precautions.
  • A one-off three-day penetration test where intensive attempts are made to break through your cyber defences over a three-day period employing the same tactics used by attackers. This is crucial to identifying weak spots and gaps in your cyber security system already in place.
  • A one-off Cyber Essentials self-assessment which will act as a baseline certification for IT architects and consultants. Magnet+ help secure and protect what you value most 24/7, allowing you to focus on your core business services.

The new product currently being rolled out by Magnet+ is in partnership with international IT, communications and technology innovator Exponential-e.  Magnet+ customers can now be secure in the knowledge that as well as benefiting from world class technical expertise, their business will have the highest level of cyber security controls possible.

Cyber security in the post-pandemic world, headlines the agenda for the Integrity360 Security Roadshow 2022

Integrity360, UK and Ireland’s largest cyber security services specialist, has announced the agenda for the launch of its Security First Roadshow 2022 that will take place on 5 different dates, across 5 different locations around the UK and Ireland. Post pandemic cyber security will headline the event, as Richard Ford, CTO at Integrity360, discusses the difficulties posed by the rise of remote working and puts Identity, Data and the Cloud front and centre, as organisations struggle to get to grips with the challenges.

Commencing on Wednesday 5th October in Reading, the half-day conferences (10am-2pm) will bring together industry professionals and experts to discuss the key topics effecting businesses today; from the challenges of managing remote working, to ransomware. and will give attendees’ advice and support on how to establish a security first strategy across their businesses.

Other items on the agenda will include thought provoking keynote sessions from leading cyber security specialists, alongside inciteful panel discussion and debates. The events are being sponsored by Integrity360’s cutting edge, market leading partners.

Senior experts from Integrity360 and their industry partners such as Deep Instinct, Rapid7, Mimecast, Check Point, XM Cyber and Trellix will take to the panel to provide insights on topics such as whether ransomware can put you out of business and consider the real impacts and cost of a ransomware attack.

Richard Ford, Integrity360’s CTO, says: “Threats, solutions and the costs involved, are elements that evolve as fast as the attacks that come before them. Tackling some of these vital topics is crucial and we must be prepared to get ahead of the game and put security first.”

“The success of the Security First conference earlier this year was the fuel we needed to take the show on the road. It’s a great opportunity to join forces with some of our key partners and customers to make our voices heard and share industry knowledge and advice across the UK and Ireland.

“Our recognition as a Representative Vendor in the 2022 Gartner Market Guide for Managed Security Services (MSS) and Managed SIEM, earlier this year was further testament to our growth and knowledge of the security industry and our need to continue to educate on these issues.”

The content of the Security First Roadshow is relevant to all organisations and is designed to meet the needs of professionals who have responsibility for managing cyber security, governance, compliance, risk management and IT operations.
Registration is open here.

Skills Shortage Threatens Cybersecurity of Companies

With increasing digitization, the threat of cyber attacks is also rising and so is the demand for IT security experts. According to the latest Risk & Cybersecurity Study by IT business Tata Consultancy Services (TCS), companies see the biggest challenge in cybersecurity not in the budget, but in the lack of professionals with relevant expertise. According to the study, half of European companies (49 percent) plan to hire professionals with cybersecurity skills in the future, with that figure rising to two-thirds (65 percent) in the US.

Skills shortage among top challenges for cybersecurity

Chief risk officers (CROs) and chief information security officers (CISOs) report in the survey that they have already had difficulty attracting (44 percent) and retaining (42 percent) talent with cyber risk and security skills in the past year.

The second biggest challenge according to the CROs and CISOs is a changing work environment with increased possibilities for remote work and the associated risks. For example, innumerable employees had to be given remote access to their employer’s systems and databases at short notice due to the pandemic and the resulting move to remote work. This opens up new points of attack for cybercriminals. Assessing security risks and quantifying their costs is the third biggest obstacle for the respondents.

Cybersecurity not a budget issue

Only tenth place in the ranking are budget constraints. The fact that the latter are affecting fewer and fewer companies is shown by the high level of willingness to invest: 52 percent of European companies and 62 percent of North American companies stated that they had increased their budgets for IT security since last year.

Commenting on the study’s findings, Gerard Grant, Director, Strategic Initiatives at TCS Ireland said “Keeping abreast of the most advanced tactics of cyber criminals is not a question of cost. Rather, the challenge lies in finding and retaining the right professionals with the required know-how.

TCS employs over 1,100 people in Ireland across a range of high-skilled tech related roles. TCS operates a state-of-the-art Global Delivery Centre based in Letterkenny which includes an innovation lab and plans are now in place for building further business units, together with centres of excellence in cyber security and cloud services.

How companies ensure they have a recruiting edge

One measure alone can’t solve the skills shortage. “However, companies can help fill the skills gap by using external service providers for harder-to-staff work, such as 24/7 network monitoring, while growing talent internally by giving them exposure to not only the technical but the business aspects of cybersecurity,” says Gerard Grant. In addition, the study shows that the more frequently the board of directors engages in cybersecurity, the more successful the company is in finding and holding onto their top talent with cyber risk and security skills.

TCS’ study also finds that talent retention directly correlates with how a company stores its information. Cloud-positive organizations were found to have a slight advantage in retaining and recruiting talent with notoriously hard-to-find cyber skills, compared to those companies who think that on-premises or traditional data centre security is preferable to what is available via the cloud. In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber risk and security skills.

As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening,” said Bob Scalise, Managing Partner, Risk and Cyber Strategy, TCS“Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding, and process changes will be vital to recruiting and retaining top talent.”

The TCS Risk & Cybersecurity Study, published by the TCS Thought Leadership Institute, highlights the most pressing cybersecurity issues facing senior business leaders across Europe and North America. The study is based on the results of a survey of more than 600 CISOs and CROs, from companies with at least $1 billion in annual revenue, across banking & financial services, utilities, media & information services, and manufacturing. Topics include global risk, cybersecurity, resilience, and ecosystem/cloud security.  The survey took place in February and March 2022.

To view the full report and receive more information, visit on.tcs.com/risk-cybersecurity.

4 Ways to Protect Your eCommerce Store From Cyber Criminals

eCommerce sites have always been hot targets for cyberattacks. These stores are treasure troves of financial and personal data for hackers. For businesses of all sizes, a security breach would mean the loss of sensitive data and trust from customers. This would cause huge financial losses to the business. This post is about the steps you as an eCommerce business owner can take to protect your business from hackers.

The Importance of eCommerce Security

eCommerce website security is crucial, as it protects:

 

  • Sensitive data and the privacy of customers on a website.
  • Safeguards the finances of online businesses.
  • Prevents fraud and financial scams.
  • Defends the reputation of an online store as safe to do transactions. 

 

When security measures are not implemented on an online store, the merchant and customers alike are at high risk for scams, data breaches, payment fraud, and other bigger threats. 

Your customers need to feel that their privacy and data are protected and that none of their information will be used without their knowledge. Below are some ways to protect your online business from cybercriminals. 

Use Data Encryption

All the information that buyers put into the website has to be encrypted. This includes email addresses, credit card information, phone numbers, and other personal details that hackers might use for identity theft. These types of information are used by online criminals for phishing.

Get Secure Server Layer Certificates (SSL)

Among the benefits of using SSL certificates in your website is encrypting data that is shared online. SSL certificates ensure that the information you share reaches the intended person. It is a crucial step as data sent passes through multiple computers before the intended server receives it. 

If SSL certificate encryption is unavailable, electronic devices between the sender and server can be able to access sensitive information. Hackers can read your exposed credit card numbers, usernames, passwords, and other sensitive data. 

Use Hypertext Transfer Protocol Secure (HTTPS)

HTTPS is among the best ways you can secure an eCommerce store from fraud. It is an online protocol for a secure and safe internet connection. Websites that use HTTPS usually have a green lock in the address bar. The green lock means that the site is authentic, secure and that it is what it claims to be. 

Sites that use HTTPS rank higher in Google search ranks. However, before you enable HTTPS in your site, you need to acquire an SSL certificate.  

Use Anti-Malware Software

Your computer systems, web systems, and electronic devices need software or a program capable of detecting and blocking malware. Such kind of protective software is called anti-malware software. Effective anti-malware should scan your website round the clock. It should also let you automate and schedule scans daily, weekly etc. You can also use USB device control software to control USB devices to protect Windows OS.

 

Endnote

Online businesses should employ several security measures and protocols to ensure their stores remain afloat. Apart from the steps above, always ensure that you’ve implemented a proactive eCommerce security solution across your online businesses. 

 

Irish Cybersecurity company warns of latest scam to hit Ireland!

Galway based Cyber security experts TitanHQ have warned Irish people to be on the lookout for the latest email scam, after a school district in the United States admitted last month to transferring nearly €200,000 to an account controlled by cybercriminals.

TitanHQ are warning the Irish public that the phishing scam is likely to hit Irish shores over the coming months after phishing attacks reached an all-time high in the first part of 2022.

The Floyd County school district in Georgia received an email requesting payment, supposedly from a company that had previously completed building work for a school in the district, called Ben Hill Roofing.

They unwittingly made the payment and only realised their mistake after the real Ben Hill Roofing Company submitted an actual invoice.

The school district explained that “Floyd County Schools has been made aware of a phishing incident. This cyber-attack resulted in funds being stolen from the school system by an outside source.”

The attack is what’s known as “spear phishing”, which is a targeted attack where a cyber criminal poses as a trusted sender and will include information known to be of interest to the target, such as current events or financial documents that they might be expecting.

In a recent survey, TitanHQ found that 85% of organizations have experienced up to 17 types of security incidents in the past 12 months.

Speaking on the latest scam, Ronan Kavanagh, CEO of TitanHQ explained that:

“Cyber criminals have become more and more sophisticated, finding ways to create scam emails and websites that look legitimate. 

We would urge people to be extra cautious and always verify the sender’s contact details. 

If a vendor or customer you are familiar with contacts you via email, asking you to change their account payment details, or anything else that seems suspicious, then be sure to reach out to your direct contact at the company to make sure the request is legitimate.”

The visible consequences, and the financial consequences, of these incidences, are really ringing home with people. And the reality is they are becoming more sophisticated, they are becoming more prevalent, and they’re affecting all different areas, not just large entities like the HSE and Universities but also smaller businesses, many of which you just don’t hear about.

Here are some tips to help you prevent phishing attacks

  1. Learn to spot phishing attacks
  2. Improve Email security
  3. Provide training to boost security awareness
  4. Update web browsers regularly
  5. Install and use an antivirus program
  6. Disable popups and adapt a reporting policy
  7. Use a DNS filter