Risks from exposed documents

In his report Fowler noted that the potential risks of invoice fraud from stolen documents affect both business-to-customer (B2C) and business-to-business (B2B) transactions. “Exposed invoices and internal business documents can potentially serve as a template for criminals to target victims using internal information that only the business and the customer would know,” he wrote. “This insider knowledge is likely to generate a sense of trust, significantly increasing the chances of effective fraudulent activity.” 

One cause of exposed corporate databases can be remote employees who aren’t working behind a firewall, said Johannes Ullrich, dean of research at the SANS Institute, a cybersecurity training provider. “It takes some work to expose databases,” he said in an interview. “It’s not something super-trivial to do.”

Cybersecurity requires discipline

Asked how CSOs can prevent employees making mistakes with files or misconfiguring systems, Ullrich said it comes down to attack surface monitoring. That involves pre-emptively scanning not only the organization’s IP space, but also those of employees, for open ports, exposed APIs, and exposed corporate data.