Defending against BEC attacks

Spencer Starkey at SonicWall explores strategies for protection against Business Email Compromise

Cyber-threats continue to evolve dramatically, with Business Email Compromise (BEC) attacks taking centre stage. While understanding their impact is crucial, it is equally important to learn how to counter them.

BEC attacks occur when cyber-criminals impersonate a trusted individual or business to manipulate individuals into transferring funds or sensitive information. These attacks are becoming increasingly common, partly due to misconfigurations in Microsoft Office 365, especially at the Active Directory level.

According to SonicWall’s 2024 Mid-Year Cyber Threat Report, on average 10 BEC events are reported for every one ransomware event. This underscores the need for businesses to understand the impact of BEC attacks and how to defend against them.

Attacks cost time, money and trust

BEC attacks pose significant threats to organisations of all sizes, with approximately 70% of reported incidents involving some form of social engineering, according to the SonicWall research. These cyber-attacks can lead to:

  • Financial losses: Fraudulent bank transfers, invoice scams, and account takeovers. Because it is often difficult to prove that a BEC attack has occurred, recovery costs can weigh heavily on an organisation.
  • Operational disruption: Investigating fraudulent activities and restoring financial records can cripple productivity. Legal and forensic costs for insurance claims often further strain resources, hindering overall business efficiency.
  • Reputational damage: News of a successful scam can erode customer trust, tarnish a company’s image, and lead to a loss of business. Rebuilding trust and reputation after a BEC attack is a challenging and costly process, requiring an organisation to prove that its controls are now effective.

Google and Facebook both famously fell prey to these phishing emails, costing them over $121 million over a 2-year period. In this instance, an individual impersonated an outside vendor by emailing staffers and requesting payment with convincing-looking invoices. The bad actor then presented the two tech giants with counterfeit lawyers’ letters and contracts so that, once the funds were paid, the bank would accept the stolen money without question. Both companies sent urgent wire transfers in response to these requests, costing them millions of dollars.

Ignorance is no defence

Given the extensive damage associated with BEC attacks, it is essential to implement practices to mitigate these risks. The first step is educating individuals in your organisation about BEC attacks, as most cyber-security breaches involve some degree of human error.

Individuals should undergo training to recognise and respond to potential BEC attacks. Users should be taught to verify the authenticity of emails, especially those requesting urgent financial transfers, procedural changes, or sensitive information.

Emphasising a culture of scepticism and encouraging employees to report suspicious emails can strengthen an organisation’s overall security. The more knowledgeable users are, the less likely they are to unknowingly expose themselves and the business to an attack.

A secure wall around the organisation

Organisations cannot and should not rely on people alone to stop BEC attacks. Anyone can click on a bad link by accident, but bolstering staff education with robust security measures can rapidly strengthen an organisation’s defences.

  • Email authentication protocols: Implementing strong email authentication protocols can protect against email spoofing, a key component of BEC attacks.
  • Advanced threat detection systems: Employing systems that identify and block suspicious messages before they reach employees can be extremely beneficial. These systems analyse email content, sender behaviour, and network traffic for anomalies indicative of a BEC attack.
  • Clear financial protocols: Establishing clear protocols for financial processes can reduce the likelihood of BEC attacks. By holding any action involving sensitive financial data until it has been re-verified, organisations can minimise potential damage. Some BEC variants, such as man-in-the-middle (MITM) attacks in which the attacker inserts themselves into an existing email exchange, often exploit overlooked changes in wiring instructions.
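The detection controls described above can be illustrated with a small triage check. The following is an added example, not code from SonicWall or from the original article: it reads the Authentication-Results header a receiving mail server stamps on a message (SPF, DKIM and DMARC verdicts), then looks for the classic BEC tells of an executive's display name on an external domain, a Reply-To that diverts the conversation elsewhere, and urgent payment language. The internal domain, executive names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a BEC-style message that failed DMARC, borrows an
# internal executive's display name from an external domain and redirects replies.
SAMPLE_EMAIL = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-finance.co; dkim=none; dmarc=fail (p=reject) header.from=example-finance.co
From: "Jane Doe, CFO" <jane.doe@example-finance.co>
Reply-To: jane.doe.cfo@mail-example.net
To: accounts@example.com
Subject: URGENT: updated wire instructions for vendor payment

Please process the attached invoice today using the new bank details.
"""

INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
EXEC_NAMES = {"jane doe"}         # assumption: people commonly impersonated in BEC
URGENCY_TERMS = ("urgent", "wire", "bank details", "payment", "invoice")

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            results[method.lower()] = verdict.lower()
    return results

def bec_indicators(raw):
    """Return the list of BEC indicators present in a raw message (empty if none)."""
    msg = message_from_string(raw)
    flags = []
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "none") != "pass":   # missing verdict counts as not passed
            flags.append(f"{method}_not_pass")
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    if from_domain != INTERNAL_DOMAIN and any(n in display.lower() for n in EXEC_NAMES):
        flags.append("exec_display_name_external_domain")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_addr and reply_domain != from_domain:
        flags.append("reply_to_domain_mismatch")
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if sum(term in text for term in URGENCY_TERMS) >= 2:
        flags.append("urgent_payment_language")
    return flags
```

A message with several indicators is a candidate for quarantine and for the out-of-band verification step the financial protocols bullet calls for, rather than for automatic rejection on its own.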

Overall, BEC attacks create significant threats to organisations worldwide by exploiting human error and inflicting substantial financial damage. By combining user education with updated technology and internal processes, organisations can significantly reduce their vulnerability to BEC attacks.

A comprehensive approach addressing both human and technological factors is essential to safeguard against these sophisticated threats.

Spencer Starkey is VP EMEA at SonicWall
