While preventing ransomware attacks is a key priority for any IT security team, another type of threat could prove much more costly to their organisation.
Dubbed business email compromise (BEC), these attacks are one of the fastest-growing types of cyber crime and have been shown to be causing around 80 times the losses that stem from ransomware.
According to the Verizon 2023 Data Breach Investigations Report, BEC attacks nearly doubled during 2022, while the average amount stolen in each incident climbed to US$50,000.
BEC attacks are problematic because they can be very difficult to spot. Cyber criminals create email messages that appear to have come from a legitimate source and request that the recipient either provide personal details or make payment of a fake bill.
Some emails direct the recipient to what appears to be an authentic website on which they are encouraged to enter things such as bank account login details or access credentials for their work-related IT systems.
Protecting against these attacks is, therefore, essential to safeguard an organisation’s integrity and reputation. It’s also important when it comes to protecting financial assets and the privacy of staff.
To achieve effective protection against BEC attacks, a security team must have in place a comprehensive strategy that addresses both technical and human vulnerabilities. Such strategies need to incorporate seven key elements:
- Be hyper-aware of the threat
Because cyber criminals are making their BEC attack emails look ever more authentic, it’s important that both an organisation’s IT team and the entire staff are aware of the threat. Conduct regular awareness and training sessions during which the techniques being used can be clearly explained.
All staff members need to understand the signs of an attack, such as emails coming from a suspicious address or those containing unexpected or unusual requests. They should know that if there is any reason at all to suspect an email is not legitimate, it should not be opened but reported to the security team.
- Undertake thorough identity verification
In most cases, a BEC attack will begin with a targeted phishing email that directs the recipient to a fake login page where the cyber criminal can obtain login or financial credentials. For this reason, it is vital to verify the identity of email senders, especially if the message includes a request for a financial transaction or sensitive data.
If not already in place, organisations should consider implementing a system of multifactor authentication to make internal systems more secure. This will mean that, even if a cyber criminal obtains user login credentials, they still won’t be able to gain access.
- Strengthen corporate security policies
All organisations need to create and implement comprehensive security policies and procedures for validating and authorising both financial transactions and access to confidential data.
These policies should include the establishment of strict approval processes and proper verification of changes to payment details.
- Carefully examine all URLs and email attachments
All staff must get into the habit of closely inspecting links and attachments in emails before interacting with them. Steps to undertake include the verification of all URLs and the use of security tools to automatically scan attachments for malware.
- Deploy software patches as soon as they are released
One attack vector that is particularly popular among cyber criminals are known software vulnerabilities, which can be exploited to gain unauthorised access to an organisation’s IT infrastructure.
To guard against this occurring via a BEC attack, IT teams need to deploy patches as soon as they are released by software vendors.
- Improve monitoring capabilities
It is also very important for IT security teams to implement monitoring and anomaly detection tools that can identify unusual patterns or suspicious materials in emails. This may include reviewing activity logs, detecting changes in communication patterns, and using artificial intelligence tools to identify potential BEC attacks.
- Patch any gaps in visibility
Many organisations have in place a variety of different security tools and platforms. Unfortunately, this can lead to gaps in visibility, which can be exploited by cyber criminals via a BEC attack.
For this reason, it is very important to have security measures that work in an integrated manner to achieve full visibility and thus prevent BEC attacks.
The challenge of detecting and rapidly responding to BEC attacks is increasing as the sophistication of cyber criminals grows. By taking the steps outlined, organisations can be better positioned to spot potential attacks before they cause disruption or loss.