How a Layered Approach Thwarts Business Email Compromise Schemes
The Problem
The most dangerous threats often arrive from seemingly familiar, trustworthy sources. One such email-based threat is business email compromise (BEC), and it has exposed businesses to considerable losses. What makes BEC attacks so nasty is that attackers either gain access to the company's email servers or compromise a user's mailbox directly (or, in the impersonation variants, spoof a trusted sender from a lookalike domain). Once they have access, they can send emails that, by all appearances, come from within the company. The FBI has identified five general types of BEC attacks:
- Account Compromise – An employee's email account is hacked and used to request invoice payments from vendors in their contact list; the payments are then directed to fraudulent bank accounts.
- False Invoice Scheme – Similar to account compromise, but the attacker impersonates a foreign supplier and asks for payment to be wired to a new account.
- Attorney Impersonation – An attacker poses as a lawyer or legal representative, often under time pressure, and targets lower-level employees who are unlikely to challenge the validity of the email.
- CEO Fraud – Attackers pose as a C-level executive and email an employee in the finance department requesting that a payment be made to an account the attacker controls.
- Data Theft – Attackers target HR and bookkeeping staff to obtain personal or tax information about employees and executives, which is then used in later attacks.
BEC attacks are difficult to detect and prevent, especially with older security tooling and unmanaged technology. They typically carry no malware or malicious URLs for traditional defenses to catch. Instead, they rely on social engineering and impersonation to trick a specific person, which makes them highly personalized attacks.
Measured by reported losses, BEC is the most damaging type of cyber crime. The average incident results in $75,000 in losses, compared with about $500 for a phishing attack and $4,400 for ransomware. And because these attacks are carefully designed to avoid raising red flags, they are also among the hardest to stop. Targets frequently become victims unless some layer of their security stack is built specifically to stop BEC.
The Strategy
Education and training help users spot scam emails, but users will always miss some, and that is especially true of well-disguised BEC scams. Technology can provide additional layers of security that catch what frontline efforts miss:
- Multifactor authentication: Attackers routinely break into email accounts to harvest the details they reuse in BEC schemes, so encourage clients to require multifactor authentication on every mailbox, including administrator and shared accounts. Prefer phishing-resistant methods (FIDO2 security keys or platform authenticators) where possible, since push and one-time-code factors can be relayed by adversary-in-the-middle phishing kits. Making the account harder to take over also makes the company a less appealing target.
- Conditional policies: BEC attacks originate from across the globe. Help clients set up conditional access so that, for example, sign-ins are only permitted from the countries where they actually operate. Treat geography as one obstacle rather than a guarantee, since attackers can route through in-country proxies; combining the location rule with device-compliance or sign-in-risk conditions makes the policy much harder to satisfy.
- 24/7 monitoring: The final and most important layer watches for the early warnings that a BEC scheme has (once again) tricked a recipient into enabling an attack. Telltale signs include sign-ins from unexpected locations, newly created inbox rules that forward mail externally or quietly delete messages about invoices and payments, and new OAuth application consents. Continuous monitoring surfaces these red flags as soon as they appear so clients can prevent or minimize the consequences of BEC.
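As an added example (not code from this page or from RCS Secure), here is the kind of check the monitoring layer runs: it scans mailbox audit events for the inbox-rule and sign-in patterns that typically follow a BEC account takeover, and correlates a suspicious rule with a recent out-of-policy sign-in. The event field names, the allowed-country list, the victim domain and the sample events are all constructed assumptions for illustration, not a vendor's log schema.

```python
"""Scan mailbox audit events for the traces a BEC account takeover leaves behind.

Added example for this page, not RCS Secure code. The event layout is a
simplified, constructed stand-in for a mailbox audit log export: the field
names, the allowed-country list and the sample events are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "example.com"            # assumed victim domain
ALLOWED_COUNTRIES = {"US"}                 # mirrors the geo-based conditional policy
FINANCE_KEYWORDS = ("invoice", "payment", "wire", "bank", "remit")
# Folders attackers use to park mail the victim is unlikely to look at.
HIDING_FOLDERS = {"deleted items", "rss subscriptions", "archive", "junk email"}
CORRELATION_WINDOW = timedelta(hours=24)   # rule created this soon after an odd sign-in

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"time": "2024-03-04T02:11:09Z", "user": "ap.clerk@example.com",
     "operation": "UserLoggedIn", "country": "NG", "ip": "198.51.100.23"},
    {"time": "2024-03-04T02:14:40Z", "user": "ap.clerk@example.com",
     "operation": "New-InboxRule",
     "parameters": {"Name": ".", "SubjectContainsWords": ["invoice", "wire"],
                    "ForwardTo": ["collector@mail-drop.example"],
                    "MoveToFolder": "RSS Subscriptions", "MarkAsRead": True}},
    {"time": "2024-03-04T09:30:00Z", "user": "cfo@example.com",
     "operation": "UserLoggedIn", "country": "US", "ip": "203.0.113.8"},
    {"time": "2024-03-04T09:35:12Z", "user": "cfo@example.com",
     "operation": "New-InboxRule",
     "parameters": {"Name": "Newsletters", "SubjectContainsWords": ["digest"],
                    "MoveToFolder": "Newsletters"}},
]


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def is_external(address):
    """True when the address is outside the organisation's own domain."""
    return address.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN


def rule_findings(params):
    """Inspect one inbox rule's parameters for the three classic BEC tells."""
    findings = []
    # 1. Forwarding or redirecting mail out of the organisation (thread exfiltration).
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for addr in params.get(key, []):
            if is_external(addr):
                findings.append(f"rule forwards mail to external address {addr}")
    # 2. Hiding finance-related replies so the real owner never sees them.
    subjects = [w.lower() for w in params.get("SubjectContainsWords", [])]
    hides = bool(params.get("DeleteMessage")) or \
        params.get("MoveToFolder", "").lower() in HIDING_FOLDERS
    if hides and any(k in w for w in subjects for k in FINANCE_KEYWORDS):
        findings.append("rule hides finance-related messages matching " + ", ".join(subjects))
    # 3. Attackers frequently give rules an empty or one-character name.
    if params.get("Name", "").strip(" .") == "":
        findings.append("rule has a blank or placeholder name")
    return findings


def scan(events):
    """Return {user: [finding, ...]} for every user with at least one indicator."""
    findings = defaultdict(list)
    last_odd_login = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        user, op, when = ev["user"], ev["operation"], parse_time(ev["time"])
        if op == "UserLoggedIn":
            if ev.get("country") not in ALLOWED_COUNTRIES:
                findings[user].append(
                    f"sign-in from {ev.get('country')} ({ev.get('ip')}) outside allowed countries")
                last_odd_login[user] = when
        elif op in ("New-InboxRule", "Set-InboxRule"):
            hits = rule_findings(ev.get("parameters", {}))
            if hits and user in last_odd_login and when - last_odd_login[user] <= CORRELATION_WINDOW:
                hits.append("rule created within 24h of an out-of-policy sign-in: likely account compromise")
            if hits:
                findings[user].extend(hits)
    return dict(findings)


if __name__ == "__main__":
    for user, hits in scan(SAMPLE_EVENTS).items():
        print(user)
        for hit in hits:
            print("  -", hit)
```

Run stand-alone, the script flags the accounts-payable mailbox on four counts (external forwarding, hiding of invoice and wire messages, a placeholder rule name, and the rule's creation minutes after a sign-in from outside the allowed countries) and stays silent on the CFO's legitimate newsletter rule. The correlation step is what turns individually noisy signals into an alert worth waking someone for; in practice the sign-in check is the weakest of the four, since an attacker can route through an in-country proxy, which is why the rule-based indicators are evaluated on their own as well.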
The Result
The reality is that any organization can be the target of a BEC-style attack, and internal IT staff are under pressure to stop these attacks. User training matters, but robust email security, domain authentication (SPF, DKIM and DMARC), account protection and multifactor authentication all have to work in unison to prevent BEC.
RCS Secure implements the layered security necessary to defend your business from BEC attacks. If one layer fails, the other protections remain in place to stop a range of attacks. In the same way that a castle relies on stone walls, armed guards and a moat to keep out invaders, layered cyber security builds defenses on top of one another. Since email scams are growing increasingly prevalent, one of these layers should focus specifically on business email compromise.
About Us
RCS Secure offers a full spectrum of cyber security safeguards and services. Our services combine compliance standards expertise with cutting-edge technology to identify risks, prioritize remediation, and ensure you are both secure and compliant.