720-891-1663
Return to the list of client alerts
Business Email Compromise (BEC) attacks – the attacks where a miscreant tries to separate you from your money or sensitive information by masquerading as an executive of your company or some other trusted person like a realtor – have been a problem for years. There have been many stories in the news and privately of companies losing millions of dollars and individuals losing a hundred thousand dollars or more.
The SEC recently released the results of an investigation into NINE publicly traded companies who, collectively, lost $98 million to BEC attacks. While they said that they were not going to prosecute those companies, they did indicate that they might in the future, saying that a company’s lack of financial controls could be a violation of the Securities and Exchange Acts of 1934 (see here).
In line with that, the security company Proofpoint released statistics that they gather as part of their work. They said that BEC attacks against targeted companies was up 226% between 4Q2018 qand 3Q2018 and up 476% between 4Q2018 and 4Q2017.
For more details on the types of attacks, read the link to the Helpnet Security article below, but what it means to businesses is that they need to up their game if they don’t want to fall victim to these attacks.
Businesses need to run regular (as in weekly) simulated phishing attacks to their entire employee population and provide additional training to those who fall for the attacks. The software to do this is now easy to use and affordable.
Remember that even one person falling for the real attack is enough to trigger a cyber-breach along with the legal costs and reputation damage associated with that. Smart attackers will not leave any obvious clues behind. An example of this was the Marriott breach were attackers were able to roam around the network for FOUR YEARS before they were discovered.
Source: Helpnet Security.