Back on March 28th, I talked about the $54 million Business Email Compromise (BEC, or CEO Fraud) at FACC, an Austrian supplier of spare parts to Boeing and Airbus. As bad as it was, it’s gotten worse: In addition to the CFO, CEO Walter Stephan has been fired after 17 years in that job.
Here’s the rough timeline leading up to this point:
- FACC disclosed the Business Email Compromise (BEC) in January 2016
- US$56 million stolen; about US$11 million recovered
- CFO fired in February 2016
- Net loss of about US$22 million announced for 2015, a direct result of the BEC
- An immediate 17 percent drop in its share price following the net loss announcement
- May 2016, CEO fired, after 17 years with FACC
One way to put this all into perspective is to know that global BEC losses from October 2013 through February 2016 are $2.3 billion and climbing!
Another way to put this into perspective is to realize that relatively little in the way of technology was compromised to steal all that money. And while there are some technological things we can do to reduce risk, the best defense is trained finance people following strong processes, working in a culture where it’s OK to respectfully question unusual emails.
In my view, cybersecurity is no longer a technology problem. It’s a management problem. And executives need to lead the way by committing their organizations to cyber resilience.
Do you know a better way?