19 August 2021
Business Email Compromise – 5 Ways to Prevent it!
With 4.5 billion internet subscribers worldwide using the web for all kinds of activities and transactions, the internet has become more vulnerable than ever before. In fact, according to the International Monetary Fund, the number of cyberattacks has tripled over the last decade. The steady rise in large-scale breaches confirms that cyberattacks are increasing not only in number but also in severity.
A report published by McAfee, The Hidden Cost of Cybercrime, stated: “We estimated the monetary loss from cybercrime at approximately $945 billion. Added to this was global spending on cybersecurity, which was expected to exceed $145 billion in 2020. Today, this is a $1 trillion dollar drag on the global economy.” These figures show the drastic increase in cybercrime and the importance of cybersecurity for businesses & individuals across the world. Besides putting their reputations at stake, companies are risking their sensitive data, financial information, cash flow, tech infrastructure, customer trust & much more.
Rising Business Email Compromise (BEC) Attacks
The first half of 2020 was quite challenging for many organizations, as the global shift to a remote working culture made data security a critical concern. Remote working & increasing internet transactions opened up new ways for cybercriminals to target both individuals and organizations. Business Email Compromise (BEC) is amongst the most common types of data breaches that we have witnessed throughout 2020.
Outlined below are some interesting stats that echo the fact:
- Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early June, according to mid-year analysis from the Agari Cyber-intelligence Division (ACID)
- Barracuda Networks identified 6,170 malicious accounts since January that use Gmail, AOL, and other email services that were responsible for more than 100,000 Business Email Compromise (BEC) attacks on nearly 6,600 organizations around the world.
- According to a recent report, The Geography BEC released in 2020 by Agari Cyber-Intelligence Division (ACID) – BEC is now responsible for 40% of all cybercrime losses—more than $26 billion in losses, since June 2016—and has victimized organizations in at least 177 countries.
- Business Email Compromise (BEC) was solely responsible for over 40% of the total cyber crime losses in 2019, at least according to the latest FBI IC3 report.
If you ignore BEC prevention now, it can cost you millions of dollars later!
Companies using cloud-based email services are lucrative targets for cybercriminals who conduct business email compromise (BEC) scams. Cybercriminals combine technical threats & sophisticated social engineering methods to win employees' trust & carry out fraudulent activities. Security against such attacks is crucial: the number of BEC scams is growing, and no organization is immune to the fallibility of human nature, since these emails look very real & are hard for employees to identify immediately.
5 Ways Organizations Can Prevent Business Email Compromise (BEC)
- Email Authorization with SPF: Sender Policy Framework (SPF) is an email authentication technique used against email spoofing. Spammers can forge your domain to send fake messages that appear to come from your organization. Such spoofed messages can be used to communicate false information, send out harmful software, or trick people into giving out sensitive information. Sender Policy Framework identifies whether mail sent from your domain actually comes from your organization, that is, from a mail server you have authorized, or is a spoofed message of the kind used in BEC attacks.
- Multi-factor Authentication: To avoid the breach of email accounts, organizations can strengthen authentication by encouraging a strong password policy, prohibiting the reuse of passwords, and implementing multi-factor authentication. Multi-factor authentication grants access only after the user provides several kinds of information including, but not limited to, a password and a dynamic PIN, code, or biometric. This makes it more difficult for a cybercriminal to hack an employee’s email & launch a BEC attack.
- Establishment of an internal control system: Companies can establish an internal control system & escalation rules for responding to confirmed or suspected cases of BEC. They can set up a verification system that facilitates collaboration between the accounting department, which requests financial institutions to make money transfers; the IT department, which is responsible for e-mail and system operation; the legal department, which responds when a case involves legal issues; and the sales department, which undertakes negotiations with outside business partners. For high-value transactions, multiple independent signatures from different departments can also be used.
- Implementation of security protocols & staff training: Organizations can create & roll out policies for the use of office devices such as laptops, protocols for email passwords, and other relevant security measures to avoid BEC attacks. To counter social engineering, awareness training programs can be organized to help staff identify breaches that get through the layers of defense. Also, whenever new strategies or attacks come to light in other organizations, such incidents should be shared with employees to increase awareness.
- Implementation of Security Solutions: Email security solutions offer a pre-delivery protection mechanism by blocking various email-based threats like viruses, malware, ransomware, phishing, spoofing, etc. before they reach a mail server. FirstCloud™ Email Security solution offers a reliable, scalable, and feature-rich email security service that protects businesses against such BEC attacks.
Combat BEC Attacks with CyberCision Email Security!
Considering how vital it is for companies to protect their sensitive data and financial integrity, CyberCision Email Security offers an affordable inbound & outbound email security solution that can be customized for businesses of any size with unique layered protection, assured disaster recovery, and 32 days trace replay.
It uses innovative cloud content security and analytics capabilities to protect inbound emails from malware, ransomware, phishing, viruses & spam, and also detects advanced persistent threats such as spear phishing, whaling, typo domain, and spoofing attacks.
The technology is powered by FirstWave Cloud Technology’s ESP™ email software technology, Cisco-based ESA/IronPort, and Advanced Malware Protection (AMP) technologies.
Moving towards a more secure future!
As we move towards a technologically advanced future, cybersecurity risk is also bound to soar, since hackers are also quickly adapting to the technological changes and are becoming more skilled in finding loopholes in the security systems. According to the Cybersecurity Market Revenues Worldwide report by Statista, the global cybersecurity market size is forecasted to grow to 248.26 billion U.S. dollars by 2023. But let’s not forget that cyber-attacks are not unavoidable. Security solutions are providing effective protection against such threats and are constantly evolving with the changing global needs.