https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true
Exploit: Phishing/Accidental Data Sharing
SANS Institute: Cybersecurity Education and Certification
Risk to Small Business: 1.875 = Severe Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address and malicious Office 365 add-on was also installed on the infected machine as part of the attack.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
