Safeguard your organization and strengthen your security culture with ThreatWatch 365
After being phished and paying out over $140,000 in fraudulent invoices, a large U.S.-based retailer turned to General Informatics to implement security measures that would strengthen its overall security posture and protect the organization from further attacks.
Phishing exploit costs organization $140,000
The accounting department of this rapidly growing organization was defrauded by a well-orchestrated phishing scheme. Through an earlier breach at either the Organization or its supplier, a threat actor uncovered information that allowed it to create two legitimate-looking invoices, each for approximately $70,000. These invoices mirrored the supplier’s real invoices, using the same format, the supplier’s logo, the name of a real contact at the supplier and products the Organization regularly purchases from the supplier.
Unaware they were being phished, the accounts payable team paid the fraudulent invoices. After recognizing its error, the Organization consulted with General Informatics, an experienced IT services provider, to devise and implement a security program that would prevent any future attacks and safeguard its environment.
Tailored four-point security plan strengthened by IT expertise
General Informatics implemented its ThreatWatch 365 security solution, a four-point security stack that includes border security, email security, endpoint management, and user education. Although elements of this multi-tiered solution can be readily deployed to protect corporate environments, General Informatics utilized its security expertise to customize the solution to meet the Organization’s unique needs.
“One of the most essential, upfront elements of devising a security plan is understanding the business, its IT environment and its processes,” explained Aaron Lancaster, Information Security Officer at General Informatics. “General Informatics has the experience to understand these factors and implement a comprehensive solution that can flex and pivot with the evolving threat landscape.”
A key element of the ThreatWatch 365 solution is border security. The Organization had been using a consumer-grade firewall, which was limited in its ability to monitor communication entry and exit points, identify threats, and protect the IT perimeter. General Informatics installed an advanced firewall that employs AI and dynamic rules to analyze behavior and scrutinize traffic for better threat identification. By continuously enhancing its intelligence through technology correlation and user behavior, it provides critical security as data entry and exit points become more diverse within the corporate environment.
The Organization also lacked an email filtering product. To rectify this, General Informatics assessed the Organization’s business to understand its exposure to email fraud and implemented a message filtering product that detects risks within emails and blocks those that reach a high risk score. This product also employs a combination of AI and behavioral analytics to enhance its filtering capabilities.
To manage endpoint security, General Informatics also implemented antivirus and EDR tools that detect malware, rootkits, viruses, and other threats before they can be installed on unsuspecting devices. These tools were deployed to protect end-user computers as well as tablets used in the field.
To enhance threat detection and response, General Informatics implemented Security Information and Event Management (SIEM) along with Security Operations Center (SOC) support to monitor the environment and alert on threats around the clock. The SIEM correlates events from multiple sources, including M365 Office Online, Azure, EDR, firewall IDS/IPS, network sensors, and the Business Email Compromise / spam filtering platform, and enriches alerts with current threat intelligence and predictive analysis. Additionally, a mobile device management (MDM) strategy was implemented to prevent noncompliant devices from connecting to the corporate network, enabling the Organization to remotely wipe corporate data and limit that data to approved applications.
To heighten user awareness of phishing attacks and other malicious exploits, General Informatics also implemented ongoing security education for the Organization’s staff. The training, delivered through short, easy-to-digest monthly videos followed by a test, explains various security risks and appropriate responses.
A simulated phishing campaign was also orchestrated to help employees recognize common phishing tactics. This continuous training not only maintains vigilance against future attacks but also equips new hires with necessary knowledge to identify and respond to threats.
With ThreatWatch 365, the Organization has fostered a security-conscious culture, significantly lowering the risk of future data breaches.
Updated security protocols and ongoing education thwart additional attacks
Since embracing ThreatWatch 365, all attempted attacks—including some similar to the original exploit—have been neutralized. This ongoing protection relies heavily on continued education as well as the expertise, knowledge and skill of General Informatics’ seasoned IT team, which continues to manage the solution to ensure it keeps pace with the ever-changing threat landscape and evolves with the Organization’s needs.
“Just having the technology in place is not enough,” said Lancaster. “You need to have eyes on these technologies and processes in order for them to be effective in the long term. Attacks change and perpetrators become savvier and use more complex technologies to execute attacks. Businesses need to be able to keep pace. General Informatics remains on the forefront of emerging threat landscapes and the technologies and processes needed to avert them.”
Working with General Informatics, the Organization remains alert to ongoing threats and is advised of new risks as they occur. This continues to be a key piece of the security puzzle, because when it comes to security, an attacker only needs one weak link to breach an organization. General Informatics’ ThreatWatch 365 solution ensures all the links in the Organization remain aware and strong.