New Cyber Roundups
Because we enjoy using stories to illustrate points about the importance of a cyber-aware workforce, we’ve been putting together Cyber Roundups for our core client markets. Each roundup features news on data breaches, disruptions to business, or direct financial loss. In these categories you’ll find places affected by cyber incidents within the past several months.
Data Breaches
Under data breaches, you’ll find phishing attacks, network intrusions, and accidental data disclosures. Data breach notification laws help consumers because they require organizations to notify those affected by PII/sensitive data record loss (normally in excess of 500 persons affected). That’s why you’ll often see counts of records estimated to be stolen in this category!
The University of Central Florida had around 63,000 current and former student and employee Social Security numbers stolen in February 2016.
Disruptions
Under disruptions, you’ll find places that have had to take services offline because of security incidents. Think: direct impact to customers and brand loss. One of the most prominent kinds of disruptions is ransomware (a type of malware) because of its ability to prevent systems from operating by blocking access to the data needed.
In March 2016, Cloquet School District, MN canceled school for an entire day because its computers and servers had to be wiped clean of ransomware and restored.
Financial Loss
Under financial loss, you may see stories about e-mail based wire transfer fraud known as business e-mail compromise (BEC). The FBI estimates that BEC caused about $3.1 billion in losses to companies worldwide between October 2013 and May 2016. This PSA from the Internet Crime Complaint Center does a good job of explaining common BEC schemes.
In May 2016, Barton County, KS had an employee transfer over $48,000 to a cyber criminal who was impersonating an Administrator’s Office employee over e-mail.
We don’t try to include every story from a given timeframe; instead, we curate the ones that make for good “why do we have to learn this” security awareness examples.
How You Can Use These Stories
Here’s one example of how to use Cyber Roundup stories.
Taking a story about a breach with records lost, show what you think a similar breach might cost your organization. Here are a couple of risk calculators to help you put a dollar amount on what that type of data breach might cost you:
http://www.ibmcostofdatabreach.com
http://www.privacyrisksadvisors.com/data-breach-toolkit/data-breach-calculators/
“So-and-so similar organization had a data breach this past year where they had X records containing employee PII stolen. They had to purchase credit monitoring for everyone affected and spent X on data breach incident analysis. If we were to have something similar happen here, it could cost us almost ___$$___. In so-and-so’s case, it was an employee who fell for a phishing e-mail that let the bad guys in. Let’s not be so-and-so; let’s all learn to recognize phishing e-mails!”
You can find the most current Cyber Roundups here.
We update these every six months or so, so be on the lookout for fresh cybersecurity stories!