SVB Downfall and Cybersecurity
March 2023 by Greg Notch, Chief Information Security Officer, Expel
As we continue to monitor the pulse of SVB downfall, a commentary from Greg Notch, Chief Information Security Officer of Expel, on the cybersecurity risks presented by this situation.
“The Silicon Valley Bank collapse is sending ripples throughout the finance and tech sectors. It’s also creating the ideal conditions for cyber criminals to take advantage of resulting confusion to perpetuate phishing and business email compromise (BEC) attacks.
The opportunity for fraud here is massive. All it takes is for an attacker to alter or trick you into altering a few account and routing numbers, and money then flows to the attacker, rather than your vendor or into your own accounts. Often this begins with compromised or forged email.
What can you do? Validate account changes with known contacts at the counterparty where possible. Don’t do it via email if it can be avoided (in case either yours or the other party’s email is compromised). Additionally, confirm receipt of a test deposit of a nominal value prior to making a bank account change for your vendor.
BEC accounted for over half of all incidents for our customers last year (according to our annual threat report), and remains the top threat facing our customers. Prevention starts with proper training. Make sure employees are trained to recognize potential red flags associated with phishing emails when they land in their inbox. Finance teams should be on the lookout for emails with subject lines referencing updating payment details, and we recommend organizations have a process for employees to report suspicious emails for investigation. By remaining vigilant and proactive, organizations can reduce the chance of falling victim to this fraud.”