Risks from disclosed documents
In his report Fowler noted that the potential risks of invoice fraud from stolen documents affect both business-to-customer (B2C) and business-to-business (B2B) sales. “Disclosed invoices and internal business documents can be a template for criminals to target victims using internal information that only the business and customer would know,” he wrote. “This inside information is likely to create a sense of trust, greatly increasing the likelihood of a successful fraud operation.”
One reason for exposed corporate databases could be remote workers not working behind a firewall, said Johannes Ullrich, director of research at the SANS Institute, a cybersecurity training provider. “It takes some work to reveal the details,” he said in an interview. “It’s not a trivial thing to do.”
Cybersecurity requires discipline
Asked how CSOs can prevent employees from making mistakes with files or misconfiguring programs, Ullrich said it comes down to attacks on local surveillance. That involves proactively scanning not only the IP environment of the organization, but also those of employees, finding open ports, exposed APIs, and exposed business data.
Source link