Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam- commentary from Webroot
February 2020 by Aldridge, Principal Solutions Architect, at Webroot
In relation to the news story that Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam, the commentary from Matt Aldridge, Principal Solutions Architect, at Webroot:
"This attack should come as a wake-up call, as the humble phishing attack continues to catch people out. These threats are becoming more sophisticated and targeted, and it only takes one click to put an entire network at risk, or one misled employee or insecure process to lose huge amounts of money as we have seen in this case. Governments hold a huge amount of sensitive data and lessons need to be learned from this. Better security systems and most importantly security training for personnel is key here. It goes without saying that it is also critical to back up data and ensure that backup can be restored in the case of a ransomware infection, but that would not have helped in this particular case.
To mitigate future attacks, ongoing, tailored security awareness training should be implemented for staff from day one, ensuring that they are vigilant in scrutinising all the types of emails and other communications they receive. This should be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies, along with carefully designed and orchestrated processes to catch fraud attempts such as this."