When it comes to cybersecurity, ransomware is the rockstar of threats. But take a peek behind the curtain, and business email compromise (BEC) is causing huge financial losses.
Just last week, Europol announced it had dismantled a Franco-Israeli gang which had stolen from organisations based in France, including one company which lost EUR 38 million.
The attacks followed the tried-and-tested social engineering playbook of emails or phone calls to employees, claiming to be from the CEO and asking for urgent payments to be made, an approach that is almost impossible for technical controls to address. This is one of the main reasons why many organisations struggle to identify and deal with this challenge.
When it comes to BEC, there is no technical answer. Rather, the way to address it lies in examining organisational processes and attitudes around security, namely your organisation's Security Culture, and the place to start is with security awareness and training.
It is like a game of chess – to protect your organisation from BEC, you need to be one step ahead. Train your employees to be BEC-savvy so they can spot suspicious emails and red flags like typos and unfamiliar attachments. Establish policies and procedures to help prevent BEC attacks, such as two-factor authentication and verifying financial transactions via secure methods. Finally, implement security measures such as email filtering, strong passwords and encryption. By taking these steps, you can help protect your organisation from the potentially devastating effects of BEC. Do not let ransomware be the only thing you worry about – BEC is a real threat and you must be prepared.
Ransomware is like an unwelcome guest that crashes the party, but BEC is like the sly thief that sneaks in and steals the silverware. There is a lack of awareness about BEC, like a fog that obscures the truth and prevents people from taking the proper precautions. It is also difficult to track, like a slippery eel that slips away before you can grab it, and victims are often reluctant to report it. This is because it is often seen as an embarrassing mistake and victims fear repercussions from their employers or customers. All of this means that BEC is often underreported, making it hard to get a clear picture of the damage it is causing.
With deepfake technologies becoming more readily available to criminals, BEC attacks will become increasingly sophisticated. It is like a game of chess, where organisations need to consider all the pieces on the board – not just the technology, but also the processes and the people behind them – in order to stay one step ahead of the criminals.