Cybersecurity has come a long way from writing our easy-to-guess passwords on post-it notes and placing them on our oversized monitors. Nevertheless, the recent proliferation of cyber attacks has companies like United Airlines fearing for what might be catastrophic damage due to the negligence of just one employee.
Greatest Threat To United Airlines? Cyber Attacks
United Airlines has instructed employees to report suspicious email by forwarding it to an internal email address or clicking on a “Report Phish” button in Outlook.
Last month, United’s Cybersecurity team launched a phishing campaign based on an “actual threat” received by United. These sorts of simulations are conducted each quarter to “arm employees with the latest information on spotting potential suspicious emails and reporting them.”
As part of the experiment, more than 78,000 United employees and contractors received an email which contained a voicemail attachment from an individual outside the company (all email that is not internal is marked external with the warning, “This message was sent from outside of United Airlines. Please do not click links or open attachments unless you recognize the sender and know that the content is safe.”)
There results were not comforting:
- Only 4.2% of the total recipients reported the email using the Report Phish button in Outlook or forwarded it to the appropriate email address
- 11% of United employees and contractors failed to recognize the email as suspicious and opened the attachment.
I doubt these sort of numbers are unique to United. Even at my own small company we’ve had employees open up phishing attachments. It happens, even with training.
But as we recently saw with the Colonial Pipeline cyber attack, ransomware attacks can quickly spiral out of control in ways that cause immense financial and economic damage.
That’s why United told employees in a memo reviewed by Live and Let’s Fly that cyber attacks pose the “biggest” threat to the airline:
Cyber attacks are currently the biggest threat to our airline, so we need everyone to be extra vigilant and report suspicious emails!
United offers the following instructions when reviewing email, which are actually generally applicable and a good reminder for all of us:
When you open an email, spend an extra moment looking it over. Before clicking on a link or opening an attachment, ask yourself, “Was I expecting a message from this person?” If the answer is no, this is a characteristic of phishing, and you should report the email.
Cyber attacks are a serious and growing threat to economic stability and commerce. Often, it can be the the weakest link—just one person—who inadvertently unleashes a torrent of damage.
United Airlines cyber attacks are deemed airline’s biggest threat. What do you do to prevent yourself or employees from clicking on phishing email?
image: M.J. Flaherty in United’s Network Operations Center [NOC] in Chicago