Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in popularity among cybercriminals as the initial malicious action in a larger attack.
New data from cybersecurity insurer Coalition provides some context around what kinds of attacks are resulting in serious monetary impacts that require submitting cyber insurance claims. I’ve already pointed out the predominance of ransomware in cyber insurance claims in their H1 2020 Cyber Insurance Claims Report. This report also goes on to point out some startling statistics about BEC:
- BEC-related cyber insurance claims grew 67% from 2019 to 2020
- BEC was the “initial point of entry” in 60% of claims
- Organizations in the Financial Services industry represent 32% of all claims
- Organizations that use Office 365 are three times as likely to experience BEC as those with Gmail
Coalition goes on to point out that the most common attacks that result in BEC are phishing and spear phishing attacks that leverage spoofing techniques to impersonate a person or brand. In cases where users are involved with financial transactions, Coalition recommends putting a dual-control process in place that validates email-based requests involving the transfer of funds.
I’d also suggest enrolling those same users in new-school Security Awareness Training to educate them on how the bad guys go about tricking their victims, so they can spot BEC attacks a mile away.