KnowBe4 Case Study Shows Financial Institutions Remain at Risk of Cyberheists

CLEARWATER, Fla. (Press Release – February 7, 2012) – Internet security awareness training firm KnowBe4 is advising small and medium enterprises to take heed of the recent PricewaterhouseCoopers (PwC) Global Economic Crime Survey, which reports that cybercrime is now among the top four economic crimes reported by businesses. The PwC findings reveal that nearly 1 in 4 survey respondents experienced cybercrime incidents over the past year. KnowBe4 illustrates the potential repercussions in a cybercrime case study, which documents a financial industry cyberheist at a Utah credit union.

“As the PricewaterhouseCoopers survey shows, cybercrime continues to be an economic threat to businesses worldwide,” said Stu Sjouwerman, KnowBe4 founder and CEO. “In addition to direct financial losses, companies can also suffer loss of reputation – and loss of business – if customers’ personally identifiable information is stolen. Certain industries, such as financial services and healthcare insurance, are among those at greatest risk. That’s why it’s critical for organizations to have multiple levels of security in place, and to involve the entire enterprise in protecting corporate networks.”

The importance of cyber security measures is emphasized throughout the PwC report, which places the responsibility on business owners and senior management. “Traditionally, leaders have pigeonholed cyber security as an IT problem. But that’s a risk approach that could leave them open to attack,” warned William Beer, Director of Cyber Security Services for PwC UK. “Organizations need to make sure they have got the right defenses in place. And that is something that needs to come from the top.” This advice also appears in PwC’s list of five ways to protect against economic crime, which argues in favor of: “Leadership by a cyber-savvy CEO, who instills a cyber risk-aware culture.”

According to the World Economic Forum’s Global Risks Report 2012, “While significant resources have historically been needed to cause devastating consequences for geopolitical or corporate powers, it is increasingly possible for skilled individuals to do so remotely and anonymously through networked computer systems. … Any device connected to a network of any sort, in any way, can be compromised by an external party. Many such compromises have not yet been detected.”

Through social engineering tactics, cybercriminals are able to target unwitting employees and circumvent security precautions. Sjouwerman cites a KnowBe4 case study documenting a cyberheist at the Treasury Credit Union, a federal financial institution in Salt Lake City, Utah. Despite the credit union’s antivirus protection, unknown perpetrators were able to infect an employee’s computer with malware and steal the worker’s login credentials – all without detection. The cyberthieves then proceeded to initiate a series of at least 70 wire transfers, mostly in increments of $5,000 or less. By the time the breach was noticed and the transfers halted, the unidentified cybercriminals had netted more than $100,000.

KnowBe4’s case study demonstrates that nobody is immune to cyber attacks, no matter how seemingly well-protected their systems appear to be. “Business owners have an obligation to ensure all personnel have formal Internet security training. They should also understand their attack footprint in terms of publicly available email addresses, and take appropriate precautions,” cautioned Sjouwerman.

Given the potential for financial losses and identity theft when corporate or customer data is compromised, Sjouwerman reports that KnowBe4 is increasingly being approached by business in high-risk sectors, such as the financial industry and healthcare insurance providers. Armed with Internet security awareness training, employees are better prepared to identify and avoid phishing attacks and other social engineering techniques.

There are several immediate steps organizations can take to minimize their susceptibility to cyber attacks. Sjouwerman invites business owners to take advantage of KnowBe4’s cybercrime prevention resources, including a free email exposure check (EEC), which will reveal all company email addresses that can be readily accessed by cybercriminals and used in phishing scams.

For more information on KnowBe4’s Internet security awareness training and free cybercrime prevention tools, visit

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He and his colleagues work with companies in many different industries, including highly regulated field such as healthcare, finance and insurance. Sjouwerman is the author of four books; his latest is Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

Comment ▼

Leave a Reply

Your email address will not be published. Required fields are marked *