Data breaches dominate the headlines, but it is not always clear how they occur. Some fraudsters go to great lengths to infiltrate a network and system; however, attacks can happen because of human error.
These situations are not all that rare. Fortune released its findings from the Sony Cyber Attack, which shows not just a problem with cyber security but the lack thereof. A recent example of an incident is, an attack of a London-based hedge fund.
The Sony Cyber Attack proved to corporate America that is does not matter to a fraudster how big or powerful a company may be. Fortune Magazine raised awareness to the Sony attack with a 12,000-word story by Peter Elkind, Editor-at-Large, in the July 1, 2015 issue.
It is troubling to customers and businesses that an electronic company could be so ill prepared. However, companies can learn from Sony’s mistakes; as an example, reports state that the company’s e-mail system did not offer two-factor authentication, which is such a common practice that Gmail users have seen the practice.
In addition, Fortune’s findings claim that Sony previously kept up to seven years worth of unencrypted e-mails, passwords in unprotected documents and more. These findings support statements of what Jason Spaltro, who is now Sony Pictures’ senior VP of information security told CIO in 2007.
“We literally could go broke trying to cover for everything,” Spaltro told CIO. “I will not invest $10 million to avoid a possible $1 million loss,” he reasoned. “It’s a valid business decision to accept the risk.”
Although, the statement is more than seven years old, it conveys a point of view that remained over the years. Preparation is key and while the costs may seem overwhelming, businesses must protect the data they store. Therefore, the lack of awareness and pro-activity ultimately affected Sony. As a result, what may have been a $10 million investment for a $1 million loss in 2007 is now much larger than that for what some are considering one of the worst cyber attacks of the century.
Unlike Sony’s situation, which was a compilation of numerous issues, the hedge fund, Fortelus Capital Management LLP in London relied on cyber technology too much. According to the Daily Mail, Thomas Meston, former CFO at Fortelus Capital Management lost £740,000 (more than 1.1 million USD). Allegedly, this resulted in the CFO thinking that the company’s bank was calling regarding fraudulent activity and gave sensitive bank information.
The two situations convey that there is a significant need for strong cyber security procedures for companies of all sizes. However, it is equally important for companies to equip employees with the necessary tools and training to handle situations that may put data at risk for fraudsters to take.