Call to sack staff who click on common email

The head of a major financial services company says employers need to have a zero-tolerance approach to staff who continuously click on suspicious emails.

Cybercriminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

According to IT Brief Australia, 46 per cent of Australian organisations analysed were victims of spear phishing in 2022 and global organisations received five highly personalised spear-phishing emails per day on average.

Medibank, one of Australia’s largest private health insurance providers, says it is expecting to spend up to $45 million relating to hacking Picture: NCA NewsWire / Christian Gilles

Spear phishing is a type of phishing that targets a specific person or group and often includes information known to be of interest to the target, such as current events or financial documents.

Frank Lombardo, the chief operating and technology officer at Insignia Financial, told the Australian Financial Review that phishing and malware remain “one of the largest ways that threat actors get into your organisation”.

’Multiple failures’, should lead to termination, says Frank Lombardo. Picture: LinkedIn / Frank Lombardo

His firm has a novel way to educate staff on the dangers of phishing and malware.

“We’re performing regular tests on our people pretty much every day, and we’re sharing those results with [staff]. That’s part of the awareness and education and training,” he said.

Clicking on the emails, or failing some other security tests, can be a firing offence, he said.

However, Mr Lombardo said such a dramatic action doesn’t happen overnight.

“It’s multiple failures,” he explained.

Spear phishing is a type of phishing campaign that targets a specific person or group and often includes information known to be of interest to the target. 

“Ultimately, you need to recognise that if you’ve done everything that you can and if there’s a weakness, and if it’s at that human level and the human just isn’t getting it, then you do need to take the appropriate action because the consequences are severe if you get it wrong.

“It may even lead to performance management and exiting individuals who are just not getting it. You have to take this really, really seriously at all layers of your organisation. If you don’t, then [your company] will fail.”

Australians lost a record $3.1 billion to scams last year, up from $2 billion in 2021, according to the ACCC.

There’s been a long list of computer glitches lately. Should consumers be on alert for the next cyber attack?

Some of Australia’s biggest corporations suffered disastrous data breaches in the last 12 months, most notably, Optus, Medibank and Latitude, leading to huge financial and reputational damage.

Up to 9.8 million Australians had their personal details stolen in the massive Optus hack in September 2022, resulting in 10 per cent of customers leaving the company since the breach.

Meanwhile, Medibank, one of Australia’s largest private health insurance providers, is expecting to spend up to $45m relating to hacking after more than nine million customers’ data was compromised by a massive hack in October last year.

A hack of Aussie financial firm Latitude saw 14 million records stolen this year which includes 7.9 million driver’s licences, 53,000 passport numbers and records with personal information such as customers’ names, addresses, telephone numbers and dates of birth.


Recent Posts

Explore the Blog

Subscribe to our newsletter!