The FBI’s Internet Crime Complaint Center (IC3) released its Internet Crime Report 2020 recently, and it’s packed with essential insights for CISOs. It’s a comprehensive resource that highlights new cybercriminal techniques, malware, and also includes some jaw-dropping stats on the losses businesses have suffered, including:
BEC attacks are a phishing scam variation. Rather than sending emails from outside the organization, a cybercriminal compromises a legitimate business email account through social engineering or another computer intrusion technique with the express purpose of transferring funds to their own accounts. Because most organizations won’t allow an individual user to send corporate funds themselves, cybercriminals must communicate with employees inside the organization to fool them into sending the money.
There are many psychological tools hackers use to trick employees into engaging in risky behaviors, often playing off of people’s inherent good nature and adherence to corporate hierarchy. BEC, specifically, takes advantage of employees’ cognitive bias using two techniques:
The best way for CISOs to protect their organizations from falling victim to a BEC attack is by implementing hard and fast rules around wire transfers. Businesses should regularly use 2-factor authentication (2FA) for important documents, require offline authentications (i.e., phone call verification for wire requests over $10,000), and educate their employees to know the process inside and out. This way, even if the CEO were to demand a large sum of money quickly, the team would soon sniff out the cybercriminal because they aren’t adhering to corporate protocols.
Education and training are critical in preventing BEC attacks from victimizing your business.
security awareness platform fortifies employees’ knowledge of these attacks through regular microlessons that facilitate positive user behavior.