In the 1969 film Butch Cassidy and the Sundance Kid, after Butch and Sundance rob Union Pacific Railroad (“Union Pacific”) the first time, Union Pacific employs a stronger safe. After Butch and Sundance rob Union Pacific a second time, Union Pacific forgoes the safe and hires a posse of unrelenting gunmen, hell bent on capturing and/or killing the duo. The posse ultimately forces Butch and Sundance to flee to Bolivia—where they resume their bank-robbing antics. Ultimately, it takes the Bolivian army to stop them. In their case, albeit fictional, the active deterrent (the posse) was more effective at protecting Union Pacific’s money than the passive deterrent (the safe), in part, because Butch and Sundance were highly-motivated actors.
Your company’s controller receives an email instruction from your CEO to wire funds to complete a time-sensitive and confidential deal–seems like a clear directive to execute, but it’s not. It’s an increasingly common scam known as the “Business E-mail Compromise” (BEC).
With the most significant of cyberattacks resulting in millions of dollars in costs, irreparable damage to a company’s brand, and key executives getting fired, organizations must begin to prepare for what most experts think is the inevitable breach. And yet, when it comes to cybersecurity, many still think of it like physical security: a matter for professionals to handle by fencing in a campus perimeter, putting the most important entry points under lock and key, and assigning someone to monitor the video surveillance.
But cybersecurity does not work like physical security. In the “The Cybersecurity Playbook: Building Effective Attack and Breach Preparedness” chapter of “Understanding Developments in Cyberspace Law: Leading Lawyers on Analyzing Recent Trends, Case Laws, and Legal Strategies Affecting the Internet Landscape” we explore strategies to reduce the likelihood of a breach but more importantly mitigate the harm whether it be reputational, legal, or key job losses that can all too often arrive in the wake of a data breach.
Cyber criminals posing as company executives have successfully made off with millions from company coffers by tricking company employees into sending them the cash. Insurers are increasingly taking the position that this type of fraud is not covered under cybercrime policies.