Business e-mail compromise scams are now the most common type of cyber attack businesses face, and all types of these attacks are showing no signs of letting up, according to a new report.
Nearly three out of every four businesses were targets of these types of attacks and 29% of those firms became victims of successful attacks, which involve criminals impersonating company insiders or vendors to convince key personnel to transfer funds to them, according to the report by Arctic Wolf, a cyber-security firm.
While this has become the most common type of attack, a number of other schemes like ransomware attacks and data breaches are also growing in number and scope of damage. Any of these attacks can drain a company’s finances and result in tricky legal and possibly reputational issues that take time and money to resolve.
Combating these threats requires training and cyber insurance coverage that may pay for the costs related to cyber attacks.
Here are the main threats businesses are contending with, according to the report:
Business e-mail compromise (BEC) — Seventy percent of organizations surveyed said they had been targeted by these types of scams. Some examples of BEC attacks include impersonating company executives to request wire transfers, falsifying invoice payment details, and tricking employees into revealing sensitive information. These scams can result in significant financial losses for businesses.
CAUTION: For businesses that use cloud-based e-mail services like Office365, these attacks are hard to detect since they don’t reside on company servers.
With many organizations moving to cloud-based e-mail services, these types of attacks can be difficult to identify with traditional security tools and may go undetected until they have successfully executed their objectives. This is one of the reasons why it is important to have cyber coverage.
Data breaches — Nearly half (48%) of organizations surveyed reported that they’d found evidence of a breach in their systems. The authors said that does not mean that the other 52% didn’t suffer a breach; it means they failed to find evidence of one.
Ransomware — Some 45% of organizations surveyed admitted to being the victim of a ransomware attack within the last 12 months. These attacks usually involve criminals gaining access to a company’s systems by getting an employee to click on a malicious link, after which they lock down the system and demand a ransom to unlock it.
Increasingly, these attacks include a data-theft component and the perpetrators may demand an additional ransom not to release the sensitive data to others.
What companies can do
To combat business e-mail compromise scams, you should:
- Register all domain names that are similar to the business’s legitimate website and can be used for spoofing attacks.
- Create rules that flag and delineate e-mails received from unknown domains.
- Monitor and/or restrict the creation of new e-mail rules within the e-mail server environment.
- Enable multi-factor authentication.
- Conduct BEC drills, similar to anti-phishing exercises.
Finally, companies that use cloud-based e-mail services such as Office 365 or alternatives should employ detection tools or services specifically designed to monitor for threats related to business e-mail compromise scams.
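The two list items above about flagging mail from unknown domains and monitoring the creation of new e-mail rules can both be reduced to simple checks. The script below is an added example, not code from the article or the Arctic Wolf report: it classifies sender domains as internal, known, lookalike or unknown (lookalikes are detected by edit distance from the company domain, a threshold I chose), and it reviews new inbox-rule events for external forwarding, message deletion or filtering on payment-related subjects. The company domain, the allow-list, the addresses and the audit records are all constructed for the illustration, and the event dictionary shape is an assumption rather than a real audit-log schema.

```python
"""Added example (not from the article or the Arctic Wolf report): two simple
BEC-oriented checks over constructed sample data.

1. Flag inbound mail whose sender domain is unknown (not on an allow-list) or
   is a lookalike of the company's own domain (small edit distance).
2. Flag newly created mailbox rules that forward mail outside the company,
   delete messages, or filter on payment-related subjects, which are common
   signs of a compromised mailbox being prepared for invoice fraud.

"example-corp.com" is a placeholder company domain; every address, domain and
event below is constructed for the illustration.
"""

COMPANY_DOMAIN = "example-corp.com"                          # placeholder (assumption)
KNOWN_DOMAINS = {"example-corp.com", "trusted-vendor.com"}  # constructed allow-list
MAX_LOOKALIKE_DISTANCE = 2                                   # tunable threshold (assumption)


def edit_distance(a, b):
    """Levenshtein distance between two strings (standard dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def classify_sender(address):
    """Return 'internal', 'known', 'lookalike' or 'unknown' for a sender address."""
    domain = sender_domain(address)
    if domain == COMPANY_DOMAIN:
        return "internal"
    if domain in KNOWN_DOMAINS:
        return "known"
    if 0 < edit_distance(domain, COMPANY_DOMAIN) <= MAX_LOOKALIKE_DISTANCE:
        return "lookalike"
    return "unknown"


def flag_inbox_rule(event):
    """Return the reasons a new mailbox-rule event looks suspicious (empty if none).

    `event` is a dict with the constructed shape used below (an assumption,
    not a real audit-log schema): operation, user, forward_to,
    delete_message, subject_filter.
    """
    reasons = []
    if event.get("operation") != "New-InboxRule":
        return reasons
    for target in event.get("forward_to", []):
        if sender_domain(target) != COMPANY_DOMAIN:
            reasons.append(f"forwards to external address {target}")
    if event.get("delete_message"):
        reasons.append("deletes messages")
    subject = (event.get("subject_filter") or "").lower()
    if any(k in subject for k in ("invoice", "payment", "wire")):
        reasons.append("filters on payment-related subject")
    return reasons


SAMPLE_SENDERS = [  # constructed
    "cfo@example-corp.com",
    "billing@trusted-vendor.com",
    "cfo@example-c0rp.com",          # digit zero for the letter o
    "accounts@exarnple-corp.com",    # "rn" imitating "m"
    "noreply@unknown-supplier.net",
]

SAMPLE_RULE_EVENTS = [  # constructed, not real audit-log records
    {"operation": "New-InboxRule", "user": "cfo@example-corp.com",
     "forward_to": ["archive@example-corp.com"], "delete_message": False,
     "subject_filter": ""},
    {"operation": "New-InboxRule", "user": "ap@example-corp.com",
     "forward_to": ["drop@free-mail.example"], "delete_message": True,
     "subject_filter": "invoice"},
]


def review_senders(addresses):
    """Map each address to its classification."""
    return {a: classify_sender(a) for a in addresses}


def review_rule_events(events):
    """Map each user whose new rule is suspicious to the list of reasons."""
    flagged = {}
    for e in events:
        reasons = flag_inbox_rule(e)
        if reasons:
            flagged[e["user"]] = reasons
    return flagged


if __name__ == "__main__":
    for addr, verdict in review_senders(SAMPLE_SENDERS).items():
        print(f"{verdict:9} {addr}")
    for user, reasons in review_rule_events(SAMPLE_RULE_EVENTS).items():
        print(f"ALERT {user}: " + "; ".join(reasons))
```

In practice the allow-list would come from your vendor master data and the rule events from your mail platform's audit log; the point of the example is that both controls are cheap to automate and that a lookalike check catches the substitutions (0 for o, rn for m) that a human reader skims past.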
To combat ransomware, you should consider:
- Regularly backing up systems and data. Perform frequent backups of your system and other important files, and verify your backups regularly. This way you can restore functions if hit by ransomware.
- Storing your backups separately. In particular, store backups on a separate device that cannot be accessed from a network, such as on an external hard drive.
- Training your staff. Train your staff in how to spot possible phishing e-mails that are designed to convince an employee to click on a malicious link that will release the ransomware.
Insurance
To ensure that your organization is protected in case of an attack, you should seriously consider purchasing cyber insurance.
Policies vary by carrier, but often may help pay for any financial losses you may incur in the event of a cyber attack or data breach. A policy also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services and refunds to customers.