The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary...

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” Mary and our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.


Sending a BOLO (Be On The Lookout) to all Finance Departments

See Article Here

One of the more interesting developments in cyber security and fraud is the growth of the Business Email Compromise (BEC) scheme. This cyber crime, also known as CEO fraud, is not very sophisticated: basically, it is someone pretending to be a senior company official, such as the CEO, who finds a way to trick an employee into sending them money through some sort of payment process.

The interesting thing is how some of these attacks begin: with something as simple as the email account and password of someone in the payment process. How do you think an attacker gets this information? Interestingly enough, some occur because employees register for third-party services, like LinkedIn, with their company credentials. Many of them use the same password that they use on the corporate network. <GASP> Yes. It happens.

Security vendor Digital Shadows reviewed their repository of credentials compromised through third-party breaches and found that “33,568 email addresses for finance departments had been exposed via third-party breaches. For 83 percent of those email addresses, the passwords for the accounts were also exposed.” According to the article, the cost of obtaining these valuable credentials now runs between $150 and $500.

To battle part of this, companies may want to consider, in their Acceptable Use Policy, restricting employees from using company email to register for non-business-related third-party sites. It won’t stop the war against BEC, but it can help win at least one battle.
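Alongside the policy change, a technical control that blunts the password-reuse problem described above is to reject a new corporate password if it already appears in a breach corpus. The following is an added example (not code from this post, from the firm, or from Digital Shadows) showing the k-anonymity lookup pattern used by breach-corpus services such as Pwned Passwords: only the first five hex characters of the SHA-1 hash leave the client, and the full suffix is matched locally. The breach corpus, its counts and the `range_lookup` function are constructed stand-ins for the real service so the code runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus (assumed sample data, not real breach content):
# password -> number of times it was seen in breached third-party sites.
CONSTRUCTED_BREACH_CORPUS = {
    "password": 3730471,
    "Summer2018!": 4,
    "letmein": 1234,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest format range-query services use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Server side: group hashes by their 5-char prefix, one 'SUFFIX:COUNT' line each."""
    index = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in index.items()}


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)


def range_lookup(prefix: str) -> str:
    """Stand-in for the HTTP range query; returns the text body for one prefix."""
    return RANGE_INDEX.get(prefix.upper(), "")


def breach_count(password: str, lookup=range_lookup) -> int:
    """Client side: send only the prefix, then match our suffix against the response."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # never seen in the corpus


def password_policy_check(password: str, min_len: int = 8) -> tuple:
    """Reject short passwords and any password already present in breach data."""
    if len(password) < min_len:
        return (False, "too short")
    seen = breach_count(password)
    if seen:
        return (False, f"seen {seen} times in breach data")
    return (True, "ok")
```

In production the same check runs at password-set and password-reset time, and a hit is a reason to reject the password, not to log the plaintext.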