Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Stay a Step Ahead of your #1 Downtime Threat - Business Email Compromise

    SecureWorksThreatSummitA new report from Secureworks has found that business email compromise (BEC) remains “one of the most financially damaging online crimes overall for orgs” in 2023. The security firm’s 2023 State of the Threat report says BEC “exceeds even ransomware in aggregate, mainly because it is so prolific, even if individual financial losses from BEC may be lower than individual losses from ransomware.”

    The researchers explain, “Threat actors use a range of techniques including mass phishing campaigns to steal credentials which are then used to access the victim email account. Once they have access, they often monitor the activity of the email account, identifying email chains with vendors and suppliers in which they can insert themselves. 

    After the attacker has successfully initiated communication with the victim, they provide modified legitimate financial documents or payment instructions for the victim to send money to the attacker-controlled accounts. Attackers may also spoof victim organizations to request payment without first compromising a victim's email account.”

    Teaching employees to follow security best practices, including using multifactor authentication (MFA), can help prevent targeted social engineering attacks.

    “Organizations can mitigate BEC attacks by comprehensively implementing MFA across all user accounts, including those for senior executives,” Secureworks says. “But remember that not all MFA solutions are created equal; using an authenticator app is better than SMS, and number matching is an improvement on click-to-accept, and represents a meaningful mitigation to MFA fatigue.

    It is advisable to closely follow Microsoft's Outlook authentication guidance to continually adopt best practices. Training employees not to accept MFA requests they did not generate is also a useful exercise. Robust business processes such as two-person payment processing, telephone-only approvals, and telephone-only vendor checks are essential.”

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
    Secureworks has the story: https://www.secureworks.com/resources/rp-state-of-the-threat-2023

     

    Return To KnowBe4 Security Blog

    12 Ways to Defeat Multi-Factor Authentication On-Demand Webinar

    Webinars19Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, explores 12 ways hackers use social engineering to trick your users into revealing sensitive data or enabling malicious code to run. Plus, he shares a hacking demo by KnowBe4's Chief Hacking Officer, Kevin Mitnick.

    Watch the Webinar

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/webinar-12-ways-to-defeat-mfa

    Topics: Social Engineering, Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews