Check the website for the latest in Cyber Defence and Information Protection

June 2016

CEO fired – what happens when Cyber Attack is missed

The head of aerospace parts maker FACC has been fired after the company was hit by a cyber fraud that cost it some £52 million. The board decided to dismiss CEO Walter Stephan with "immediate effect". FACC, whose customers include Airbus and Boeing, said on Jan. 19 it had been hit by a cyber fraud in which hackers stole around £50 million by posing as Stephan in an email.

The hoax email asked an employee to transfer money to an account for a fake acquisition project - a kind of scam known as a "fake president incident" and also termed a “Whaling attack” (going after the big fish).

A company spokesman declined to give details of how Stephan had violated his duties. The firm said no comment was available from Stephan. The success of these attacks relies on the person with the ability to make a payment believing that the request is coming from someone in authority. And as we all know, it is easy to spoof an email and to craft it to appear genuine. We can only speculate why FACC deemed it the CEO’s responsibility; maybe he had ultimate responsibility for Cyber security and such a loss meant a head had to roll. Who knows.

Some commentary we have made is that Cyber-attacks were once the preserve of unemployed postgraduate geeks (clever people with too much time on their hands) whose motivation was kudos and peer recognition. Today’s Cyber attacker is a speculative criminal who does not even need a lot of IT skills. Moreover, their sole motivation is money, and they will try one scam after another. They have only to be successful once to get their ill-gotten gains, whereas we have to be successful every time to thwart them.

Also, it’s not just people’s jobs that are on the line; companies are having to deal with huge profit losses. Based on the previous year’s accounts, it would seem FACC have gone from £5 million to a £30 million loss.

The good news is that there are ways to reduce the risk of this type of attack, by using extra technology to detect the false emails and by implementing procedures to prevent the fraud. As always, we are happy to offer advice and guidance.

CSTL awarded ‘Cyber Essentials Plus’ certification body status - we can help you achieve Cyber Defence recognition.
Cyber Essentials aims to help organisations implement fundamental levels of protection against cyber-attack, demonstrating to their customers that they take cyber security seriously. We can assist with advice and can undertake the assessment to award you Cyber Essentials Plus certification.

CST  |  1st Floor, 8-9 Lovat Lane, London, EC3R 8DW

Tel: +44 (0)20 7621 7836  |  Fax: +44 (0)20 7099 6878  |  Email: info@cstl.com  |  Web: www.cstl.com