Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Financially Motivated Whaling Attacks
In a previous blog post, a colleague discussed a wire transfer fraud attack aimed at a company’s CFO. He stressed the importance of having the proper people and process control strategies in place to help protect your organization and laid out important tactics you can add to your policies to prevent fraud. It was stated that you should not rely solely on technology to protect your organization, which is true, but it is an important component.
On any given day, many people receive hundreds of emails. But when an employee receives an email from their CEO, CFO or another senior executive, they are more likely to notice and respond. Unfortunately, this natural human behavior is exactly what malicious actors are exploiting in the latest “whaling” attack.
Whaling is a focused phishing email targeted against senior executives of a company, or those with special access to information (aka the “big fish”). Recently we have seen an uptick in a type of whaling attack targeted against individuals in finance. An individual (e.g. the CFO or head of accounting) who is authorized to handle money receives an email from an attacker (posing as a senior executive) looking to steal money by asking to initiate a wire transfer. If the individual takes the bait, the impact of a successful attack is obvious in the monetary loss to the company.
While the list is long, there are some key things that can be done from a technology perspective to mitigate this social engineering threat.
Fraud is not new, however, it is continuously evolving. Even this latest attack has been evolving over the last few months. It started out targeting domestic operations, but we have seen the strategy shift to target international employees that handle back office authorizations for money transfers. This is why it important to implement company-wide security strategies that include all three components: people, process and technology.
July 21, 2015
Learn how we can help secure your date throughout its lifecycle.
Let us know what you need, and we will have an Optiv professional contact you shortly.