KnowBe4 Analyzes Patco Case: Business at a Loss When Judge Protects Bank in $588,000 Cyberheist

September 1, 2011

IT Security Expert Stu Sjouwerman of KnowBe4 Warns That Patco Case May Set Precedent, Leaving Businesses Financially Responsible When Employees Click on Phishing Emails

Clearwater, Florida (PRWEB) September 01, 2011

After finding itself the victim of a $588,000 cyberheist, Patco Construction suffered another loss when a Maine district court judge ruled in favor of the bank and denied Patco's suit to recover its losses (Patco Construction Company, Inc., v. People's United Bank d/b/a Ocean Bank).(1) The outcome of this case underscores the warnings made by IT security expert Stu Sjouwerman (pronounced "shower-man"), founder and CEO of Internet Security Awareness Training (ISAT) firm KnowBe4, who has cautioned small and medium enterprises (SMEs) that financial institutions often do little to protect businesses when cybercriminals raid their accounts.

As outlined in the court filings, Patco's ordeal began in May 2009, when a series of unauthorized transfers were made from its account at Ocean Bank. An outside IT consultant ran anti-virus scans that quarantined and deleted a Zeus/Zbot trojan, which Patco maintains was used to steal the company's online banking credentials. While there are no published details as to how the malware came to be on Patco's system, Sjouwerman notes that cybercriminals often rely on phishing emails and other social engineering tactics to trick employees into clicking a link, which enables the perpetrators to bypass antivirus software and load malware directly onto corporate systems. The facts of the case revealed that unknown third parties began issuing a series of transfers from Patco's commercial account at Ocean Bank, sending the money to dozens of different co-conspirators over a seven-day period.

The court records note that by the time Patco became aware of the theft and notified the bank, $588,000 had been transferred. Ocean Bank was able to block or recover a portion of the fraudulent transfers, but Patco was still out some $345,000. Furthermore, because Patco didn't have the available funds to cover the transfers, Ocean Bank drew from the company's line of credit – which meant Patco had to pay interest to avoid defaulting on the loan. Patco's subsequent lawsuit against Ocean Bank claimed that the bank didn't do enough to protect its commercial accounts. In May 2011, a magistrate recommended that the court deny Patco's summary judgment and grant the bank's motion. On August 4, the district court judge approved the magistrate's decision.(2)

"As the Patco case demonstrates, companies often have no recourse when cybercriminals drain their accounts. Since banks won't offer protection, business owners need to protect themselves by providing Internet security training to their employees so that cyber thieves can't access their systems in the first place," asserted Sjouwerman. "Anyone can potentially be taken in by cybercriminals' sophisticated ploys if they haven't been trained to recognize and avoid them. All it takes is one click of a phishing email by an unwitting employee, and an entire network can be compromised. Patco learned the hard way that one wrong click can have very costly repercussions."

According to Sjouwerman, while federal regulations require banks to make good on losses from personal accounts, commercial accounts do not have the same protection, which is why Patco had to take Ocean Bank to court to try to recover its losses. He noted that the judge's decision in the Patco case may set a precedent that will make it even more difficult for businesses to recover stolen funds. "Ultimately, business owners are responsible for protecting their bank accounts – and their networks. Internet security training can pay for itself many times over if it helps SMEs avoid a cyberheist."

KnowBe4's own client research revealed that 26% to 45% of employees were Phish-prone™ – or susceptible to phishing attacks – before receiving training. Upon implementation of ISAT, the Phish-prone percentage was immediately reduced by 75%. In just four weeks, additional testing and retraining shrank that figure close to zero.

To help SMEs determine what percentage of their staff is Phish-prone, KnowBe4 offers a free phishing security test. "The test can prove invaluable to managers and IT specialists who are interested in ISAT, as the results may be the ammo they need to shake loose the funds for training," said Sjouwerman. "Our ISAT system is very affordable, and I think most companies would find it to be the best possible use of their security budget. That's why I urge businesses to take advantage of our free phishing security test – it can be a very effective first step toward protecting their network, as well as company assets."

Other steps companies can take include reviewing KnowBe4's free cybercrime education resources and case studies to learn about cybercriminals' tools and tactics. Sjouwerman also published a trove of cybercrime knowledge in Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008. Cyberheist examines the business of cybercrime, explores a number of case studies and offers proven tips for cybercrime prevention.

For more information on KnowBe4 – including the free phishing security test and other valuable cybercrime prevention tools – visit http://www.knowbe4.com. To read more about Cyberheist, or to order the paperback or e-book edition, visit http://www.cyberheist.com.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He is the author of four books, including Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

(1) Patco Construction Company, Inc., v. People's United Bank d/b/a Ocean Bank; case no. 2:09-cv-503-DBH. http://docs.ismgcorp.com/files/external/Order-MSJ-052811.pdf

(2) Kitten, Tracy. "ACH Fraud: Judge Denies Patco Motion." Bank Information Security; August 9, 2011. http://ffiec.bankinfosecurity.com/articles.php?art_id=3939

For the original version on PRWeb visit: http://www.prweb.com/releases/prweb2011/9/prweb8741307.htm

Source: prweb
