A firm’s CEO was notified that there was an auction on the dark web that was selling access to the firm’s business data. It was a government contracting firm, so the business data included access to its military client’s database. The CEO rapidly established that the data being sold on the dark web was obsolete, and was not tied to any government clients.

 

A review revealed that a senior employee in the firm had downloaded a malicious email attachment. He thought it was from a trusted source. There was malware in the email attachment, which is considered a phishing attack.

 

The firm’s IT employees immediately shut off any communication to the affected server, and they also took the system offline to scan the network for any additional breaches. The firm’s leadership hired a cybersecurity forensics firm. The U.S. Secret Service also assisted in the investigation.

 

This cost the firm more than $1 million, and the firm was offline for several days, which disrupted business. Additionally, a new server and new security software licenses had to be set up.