This week the Securities and Exchange Commission (SEC) issued an investigative report that outlined cyber incidents that nine public companies had experienced, causing fraudulent losses totaling more than $100 million. The conclusion of the report is that public companies “should consider cyber threats when implementing internal controls.” The investigations focused on business email compromises in which intruders posed as company executives or vendors and used emails (usually through phishing and spear phishing campaigns) to trick employees into sending large amounts of money to bank accounts controlled by the fraudsters.
Please see full publication below for more information.