January 25, 2016 By Douglas Bonderud 2 min read

Austrian airplane component manufacturer FACC AG isn’t having a great month. According to CSO Online, the company’s newly released 2015 third-quarter results report spelled out a recent cyberattack on the accounting department of its FACC Operations unit. This is no small theft: Criminals flew the coop with more than $50 million in liquid funds.

While FACC AG said the loss does not pose an economic threat to ongoing company operation, it’s a wake-up call for other enterprises: Large-scale cybercrime is off the ground and gaining altitude. Is it possible to avoid financial free fall?

Cybercrime Goes Up, Up and Away

While FACC AG hasn’t been forthcoming with the details of the breach, it has assured investors that IT infrastructure, data security and intellectual property rights all remain secure. Speculation about the outflow of significant assets suggested the use of fraudulent wire transfers — once completed, it’s almost impossible to reclaim money even if criminal intent is proven. With criminals developing new email compromise and login theft techniques, these transactions often appear legitimate long enough to fool financial professionals.

As noted by Live Mint, fraud-based cybercrime is rising worldwide. A recent Ernst & Young report found that cybercrime is the fastest-growing fraud risk in India, while Data Quest predicted that mobile cyber fraud will become a serious problem for businesses across the country in 2016. In other words, although FACC AG’s loss is noteworthy owing to its size, this type of cyberattack is quickly becoming commonplace.

On Solid Ground

So how do companies mitigate the threat of cyber fraud losses, especially when attackers are so good at getting in, stealing cash and escaping notice? One option is beefing up internal security controls, hiring more IT security staff and piling on cybercrime budgets to help track down possible fraud indicators. Here, the biggest motivator is fear: Companies don’t want the public or competitors to know they’ve been hit, how much they’ve lost or if their systems contain potential vulnerabilities.

There might be a better way. In Canada, top industry leaders have created a new network — the Canadian Cyber Threat Exchange (CCTX) — set to launch in the next few months, according to the CBC. This independent, nonprofit organization will act as a “clearing house” for companies to report cyberattack vectors, malware types and even cybersecurity responses. Ideally, the exchange should help all CCTX members become better prepared and better equipped to handle emerging cybercrime threats.

Bottom line? No company wants to admit it has lost millions to fraud thanks to an IT breach. What if competitors take advantage or consumers abandon ship? But this kind of thinking is like grabbing your luggage when the plane is going down; no one walks away if the aircraft hits the ground. Data shared offers the chance for money saved. If companies want out of the cybercrime free fall, it’s time to be forthright.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today