4/10/2023
Call to sack staff who click on common email
The head of a major financial services company says employers need to have a zero-tolerance approach to staff who continuously click on suspicious emails.
Cybercriminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.
According to IT Brief Australia, 46 per cent of Australian organisations analysed were victims of spear phishing in 2022 and global organisations received five highly personalised spear-phishing emails per day on average.
Spear phishing is a type of phishing that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.
Frank Lombardo, the chief operating and technology officer at Insignia Financial, told the Australian Financial Review that phishing, and malware remains “one of the largest ways that threat actors get into your organisation”.
His firm has a novel way to educate staff on the dangers of phishing and malware. “We’re performing regular tests on our people pretty much every day, and we’re sharing those results with [staff]. That’s part of the awareness and education and training,” he said. Clicking on the emails, or failing some other security tests, can be a firing offence, he said.
However, Mr Lombardo said such a dramatic action doesn’t happen overnight. “It’s multiple failures,” he explained.
“Ultimately, you need to recognise that if you’ve done everything that you can and if there’s a weakness, and if it’s at that human level and the human just isn’t getting it, then you do need to take the appropriate action, because the consequences are severe if you get it wrong.
“It may even lead to performance management and exiting individuals who are just not getting it. You have to take this really, really seriously at all layers of your organisation. If you don’t, then [your company] will fail.”
Australians lost a record $3.1 billion to scams last year, up from $2 billion in 2021, according to the ACCC.
Some of Australia’s biggest corporations suffered disastrous data breaches in the last 12 months, most notably, Optus, Medibank and Latitude, leading to huge financial and reputational damage.
Up to 9.8 million Australians had their personal details stolen in the massive Optus hack in September 2022, resulting in 10 per cent of customers leaving the company since the breach.
Meanwhile, Medibank, one of Australia’s largest private health insurance providers, is expecting to spend up to $45 million relating to hacking after more than nine million customers’ data was compromised by a massive hack in October last year.
A hack of Aussie financial firm Latitude saw 14 million records stolen this year which includes 7.9 million driver’s licences, 53,000 passport numbers and records with personal information such as customers’ names, addresses, telephone numbers and dates of birth.
News.com.au