The $100 Million Mistake: When Facebook and Google Fell for a Simple Phishing Scam
Between 2013 and 2015, two of the world’s biggest tech giants—Facebook and Google—were scammed out of over $100 million by a single attacker who simply sent well-crafted phishing emails.
How?
An employee at each company unknowingly approved fake invoices and made transfers to fraudulent accounts controlled by a Lithuanian cybercriminal posing as a legitimate vendor.
The attacker didn’t hack a firewall or breach a server. He just tricked people.
Despite their sophisticated cybersecurity stacks, it took just one person at each company. One email. One click.
This wasn’t a technology failure—it was a people failure.
And that’s the greatest blind spot in modern cybersecurity:
The human layer of defense.
But can we really blame them?
Source: CNBC
As cyberattacks become more sophisticated, board members can no longer leave employee awareness to CISOs alone.
Regulators, insurers, shareholders, and even courts are beginning to hold boards accountable for cybersecurity negligence—especially when preventable human error is involved.
You don’t need more firewalls—you need more aware people in your organization.
That’s where People Security Management (PSM) comes in.
People Security Management (PSM) is a board-level strategy that empowers employees to become your strongest line of defense.”
It moves beyond one-time training and outdated awareness programs by providing:
In short: It transforms cybersecurity behavior.
Over 90% of cyberattacks start with human error – IBM X-Force Threat Intelligence
Average cost of a data breach in 2023: $4.45 million – Ponemon Institute
Your firewall won’t save you when an employee shares their password, clicks a malicious link, or ignores a security warning.
And when breaches happen, the board is asked one question:
“What did you do to prevent this?”
PSM reduces the likelihood of breaches caused by employees, protecting the company from multi-million-dollar losses, penalties, and legal fallout.
PSM supports global standards like GDPR, ISO 27001, NIST, PCI DSS and upcoming regulations that emphasize employee awareness and accountability.
Insurers are increasing premiums and denying claims where companies lack proactive human risk mitigation.
This isn’t about installing another tool. It’s about creating a culture of cyber vigilance, starting from the intern to the C-suite.
Traditional “cyber awareness” campaigns are outdated and ineffective.
People Security Management is proactive, measurable, and scalable. It protects your human layer the way a firewall protects your network.
“The biggest risk to your organization is not the hacker—it’s the employee who isn’t prepared.”
Cyber risk is no longer a technical issue—it’s a boardroom issue.
The next breach could cost your company millions—or cost you your position.
By implementing People Security Management, you’re not just training employees—you’re protecting the business, its future, and your fiduciary responsibility.
Request a Live Threat Simulation & Risk Assessment → [Book Demo]
There has been a huge increase in credential harvesting cyberattacks that have been used to steal user’s login credentials....
The FBI’s Internet Crime Complaint Center (IC3) reported 880,418 complaints, which is a rise of almost 10% compared with...
Various types of bias in cybersecurity play a major role in decision-making. Any inaccurate threat assessment, ignorance of vulnerabilities...