In 2020, Toll Group was hit by ransomware twice. Sophos, which acted as the response and investigation team for the events, now reports that the entry point was the account of an employee who had died but whose account remained active in the system.

Nefilim Ransomware Attack Used “Ghost” Credentials.

According to the Sophos report, the Nefilim group responsible for the ransomware attack was on the company’s network for about a month without the defense systems identifying suspicious activity. The account used by the attack group belonged to a deceased employee, but it was not locked or deleted because it was integrated into various services.
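A defender-side check for the situation described above, as an added example that is not from the Sophos report or the original post: it cross-references an HR roster with a directory export and flags logons by enabled accounts whose owner has left. All usernames, hosts, dates, field names and the log format are constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed HR export: who left the organisation and when.
HR_ROSTER = """username,status,end_date
jdoe,active,
rlee,departed,2020-01-10
mkhan,departed,2019-11-30
"""

# Constructed directory export: account state as the identity system sees it.
DIRECTORY = """username,enabled
jdoe,true
rlee,true
mkhan,false
"""

# Constructed authentication log: timestamp, account, host, logon type.
AUTH_LOG = """2020-01-03T08:12:00 rlee ws-114 interactive
2020-02-02T23:41:00 rlee srv-app01 service
2020-02-05T02:17:00 rlee dc-01 interactive
2020-02-27T03:05:00 rlee fs-02 interactive
2020-02-27T09:00:00 jdoe ws-201 interactive
"""

def find_ghost_activity(hr_csv, dir_csv, auth_log):
    """Return {username: report} for enabled accounts whose owner has departed."""
    departed = {r["username"]: date.fromisoformat(r["end_date"])
                for r in csv.DictReader(io.StringIO(hr_csv))
                if r["status"] == "departed"}
    enabled = {r["username"] for r in csv.DictReader(io.StringIO(dir_csv))
               if r["enabled"] == "true"}
    ghosts = {u: {"end_date": d, "logons": []}
              for u, d in departed.items() if u in enabled}
    for line in auth_log.splitlines():
        ts, user, host, kind = line.split()
        when = datetime.fromisoformat(ts)
        # Only logons after the owner's end date are unexplained.
        if user in ghosts and when.date() > ghosts[user]["end_date"]:
            ghosts[user]["logons"].append((when, host, kind))
    for rep in ghosts.values():
        times = [w for w, _, _ in rep["logons"]]
        # Interactive use of an account kept alive only for services is the red flag.
        rep["interactive_hosts"] = sorted({h for _, h, k in rep["logons"] if k == "interactive"})
        rep["active_days"] = (max(times) - min(times)).days if times else 0
    return ghosts
```

On the constructed data, only `rlee` is reported: the account is still enabled after the owner's end date and shows interactive logons on two servers over several weeks, while the disabled `mkhan` account and the current employee are ignored.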


Recently Published on our Blog

🔐 CISOs: Free Resources for Implementing Data Loss Prevention (DLP) 🔐

Protecting sensitive data is a top priority, but deploying an effective DLP program can feel overwhelming – especially with limited budgets.

Luckily, there are excellent free resources designed to help CISOs plan, implement, and optimize DLP without costly licensing.

Here’s a curated list of top free DLP resources every CISO should explore:

1️⃣ CISA Data Protection Toolkit – Practical templates and guides to jumpstart your DLP strategy.
https://www.cisa.gov/data-protection

2️⃣ Microsoft DLP Policies Guide (M365) – Step-by-step instructions for setting up native DLP in Microsoft 365 environments.
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies

3️⃣ GitHub Open-Source DLP Tools – A collection of scripts and lightweight tools for data discovery and monitoring.
https://github.com/topics/data-loss-prevention

4️⃣ NIST Special Publication 800-171 – Controls and best practices to safeguard controlled unclassified information.
https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final

5️⃣ Data Loss Prevention Framework by OWASP – Best practices for developers and security teams to build DLP into applications.
https://owasp.org/www-project-data-protection/

6️⃣ Google Workspace DLP Resources – Free guides to configure DLP in Google environments.
https://support.google.com/a/answer/7669608

7️⃣ The Privacy Rights Clearinghouse Data Protection Guide – Clear explanations of data protection principles and practical steps.
https://privacyrights.org/consumer-guides/data-protection

Implementing DLP is more than tech – it’s people, process, and policy.

Want to test your team’s susceptibility to accidental or intentional data leaks? AUMINT.io’s social engineering simulations highlight human risks that DLP tools can’t see.

📅 Explore how: Book a free intro call

🗂️ Save this post and strengthen your data protection efforts today!

#CISO #DataLossPrevention #DLP #CyberSecurity #InfoSec #AUMINT


The 19 Million Dollar Phishing Lesson No Business Can Ignore

🚨 The $19M Phishing Scam Every Business Should Fear

💡 A single phishing email cost a Milford firm 19 million dollars – and now they’re facing a negligence lawsuit.

📉 This wasn’t a sloppy scam. It was a precise, calculated attack where criminals perfectly mimicked trusted contacts. The transfer seemed legitimate… until it was too late.

🛑 The fallout? Vanished funds, broken trust, legal battles, and reputational damage that no insurance can fix.

🔍 Modern phishing isn’t random – it’s targeted, researched, and designed to bypass standard defenses. Spam filters can’t stop it. Firewalls can’t see it.

⚠️ The real weakness? A moment of human trust. Without continuous training, dark web monitoring, and real-time threat detection, even the most secure-looking organization is at risk.

💼 Lawsuits like this prove one thing – prevention isn’t optional. Clients and regulators expect proof of strong, proactive defense measures.

📢 Don’t gamble with your reputation or revenue. Book your AUMINT.io strategy call now and make sure your business never becomes the next headline.

#CyberSecurity #FraudPrevention #CISOs #FinanceLeaders #RiskManagement #PhishingPrevention #DataSecurity #BusinessContinuity


📑 CISOs: Free Guides to Build Your Board-Level Reporting Toolkit 📑

Your board doesn’t want raw logs – they want clarity, context, and confidence. As a CISO, the way you translate technical risk into strategic language can make or break funding, trust, and influence.

Here’s a list of free, high-value guides to help you craft board-ready cybersecurity reports that actually resonate:

1️⃣ NACD Cyber-Risk Oversight Handbook – A gold-standard framework for aligning security to board priorities.
https://www.nacdonline.org/cyber

2️⃣ CISA Cybersecurity Performance Goals – Benchmark progress with structured, board-friendly metrics.
https://www.cisa.gov/cpg

3️⃣ World Economic Forum – Principles for Board Governance of Cyber Risk – Policy-level insights for shaping narratives.
https://www.weforum.org/reports/principles-for-board-governance-of-cyber-risk

4️⃣ ENISA Cybersecurity Risk Management Framework – EU-focused but globally useful for structured board updates.
https://www.enisa.europa.eu/publications/risk-management

5️⃣ ISACA Board Briefings on Cybersecurity – Concise executive summaries tailored for board consumption.
https://www.isaca.org/resources

6️⃣ Cybersecurity & Infrastructure Security Agency Incident & Vulnerability Reporting Guidance – How to brief decision-makers under pressure.
https://www.cisa.gov/publication

7️⃣ SANS Security Leadership Posters – Visual aids to help communicate complex risk in minutes.
https://www.sans.org/posters

Equip yourself with these, and your next board meeting could shift from “budget defense” to “strategic partnership.”

Want to add measurable, people-focused risk data to your reports? 🧠 AUMINT.io delivers board-ready human risk metrics from targeted social engineering simulations.

📅 See how AUMINT strengthens your reporting: Book a free intro call

📌 Save this post – your board will thank you.

#CISO #BoardReporting #CyberRisk #SecurityLeadership #AUMINT
