BEC’s cybersecurity threat from a 4P perspective
Governments, businesses, and individuals have been hit by cyberattacks in one way or another. The phenomenon is known as cyber crime, one of which is Business email compromise (BEC). The hackers have been ruthlessly striking at government agencies that are ill-prepared to deal with cybersecurity threats.
Cybersecurity is gaining an increasing currency and importance for businesses of different sizes. The number of cyberattacks doubled in 2017 according to the Online Trust Alliance (OTA), a subsidiary of the Internet Society, a decades-old global non-profit that promotes the open development, evolution, and use of the Internet.
Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets business to defraud the company. It is a snowballing problem that targets organizations of all sizes around the world, having exposed organizations to billions of dollars.
The FBI defines five major types of BEC crimes:
- CEO Fraud: This is a situation where attackers pose as the CEO of a company and typically email an individual within the finance department requesting fund transfers.
- Account compromise: This involves the hijacking of an employee’s account to request payments to vendors. The payments are then transferred to fraudulent bank accounts owned by the attacker.
- False Invoice Scheme: The scammer acts as if they are a supplier and requests fund transfers to fraudulent accounts.
- Attorney Impersonation: This involves the impersonation of a lawyer or legal representative to avoid the victim questioning the validity of the request.
- Data Theft: Such attacks normally target HR employees in a bid to obtain personal or sensitive information about individuals within the company, such as CEOs and executives.
BEC attacks are hard to detect because the scammers do not use malware or malicious URLs that can be analyzed by standard cyber defenses. The attackers mainly rely on impersonation to carry out such cybercrimes, hence they require a people-centric defense that can prevent, detect, and respond to the techniques used by the scammers.
How to get protected?
Cyber security experts recommend the following ways to protect against BEC:
- Educate: Raise awareness among employees on how to spot these types of scams and how the scammers can spoof their email addresses.
- Verify: An organization is recommended to consider a two-step verification process for wire transfer payments to ensure that a transfer is legitimate.
- Be cautious: Take precautions when sharing information about the whereabouts of senior staff and when they are away from the office, particularly on social media platforms.
- Protect: Ensure all software, including anti-virus, is up to date on all computers and servers.
As technology has become an increasingly integral aspect of the workplace over the past few decades, it is imperative for businesses to boost their cybersecurity protocols and the handling of company data in a regular manner since the scammers are constantly innovative in developing new means and ways of scamming businesses of all sizes. After all, as Tech Funnel points out, cyber security is about protecting your computer-based equipment and information from unintended or unauthorized access, change, or destruction. Furthermore, with the increase of cyberattacks, With the increase of cyberattacks on governments, cybersecurity has become an important issue for public sector bodies that collect, use and disclose personal information. Governments cannot do it all alone; they need the cooperation and engagement of individuals, too, to achieve greater cybersecurity. Applying simple rules can protect individuals and the public sector, alike. In other words, it’s a digital responsibility that all the stakeholders should share.
4P is committed to bringing digital and business solutions to public sector organizations, and to helping governments select and implement the best secured solutions at the best possible value