The boom of BEC scams
This is actually nothing new. Rather, it is a new version of the CEO fraud, a scam that involves the attacker posing as the CEO or some high-up in the company. They then trick employees, who don’t have enough time to check whether the email is legit, into making bank transfers or providing confidential information about the company.
Likewise, the CEO fraud is a type of BEC scam (Business Email Compromise), but it is not unique: the tech support scam is another of the many varieties of cybercriminal activity that involve the attacker pretending to be someone with a certain level of authority in order to take advantage of the weakest link in the company’s cybersecurity: the employees themselves.
The consequences of a BEC attack
When a company falls victim to a BEC scam, it faces many possible consequences that can seriously affect both the company’s present and its future.
1.- Theft of information. If a cybercriminal achieves what they set out to do, they’ll be able to get hold of confidential information that is highly valuable to the company. And this information may affect not only the company itself, but also its users, customers, suppliers, and so on, something that could seriously affect its reputation.
2.- Economic losses. According to the FBI’s Internet Crime Report (IC3), in 2017, BEC scams caused losses of over €676 billion in the USA alone, making it cybercriminals’ most lucrative tool.
3.- Loss of innovation. At the same time, companies’ fear of this kind of scam can also have a slowing effect on the adoption of certain emerging technologies, both for the companies themselves and for users. This is one explanation for the fact that there still exists a certain level of reluctance to adopt online banking.
How to avoid BEC scams
Putting a stop to BEC scams should be a priority for any company. To do so, it is vital to have cybersecurity solutions that analyze exactly what is happening at all times on company networks and devices. This is exactly what Panda Adaptive Defense does. It is an advanced cybersecurity solution that automatically monitors all running processes in real time. This means that, if someone does manage to sneak onto the network, or to introduce malware into the system, it is able to detect and neutralize the threat before it can have any consequences. It therefore gets ahead of possible risks as soon as it detects any anomalous process or movement on the corporate network. What’s more, the managed Panda Adaptive Defense Threat Hunting service discovers new attack patterns by automatically identifying anomalies in the behaviors of each user, process, and machine.
But maintaining this level of vigilance shouldn’t be the sole charge of technological tools. Employees also need to play their part, especially if we consider that they often end up acting as a way in for cybercriminals who take advantage of their lack of cybersecurity training. This is why employee awareness needs to be increased, so that, at any given moment, they know how to activate a security protocol, rather than trusting the sender of any old email that they receive.
In any case, this will of course at times be a difficult task. This is why two-factor authentication is also necessary. This will stop the cybercriminal from accessing confidential information, even if they do manage to get their hands on an employee’s data.
Prevention should definitely not be a task that falls squarely on the shoulders of the cybersecurity department. It should be the responsibility of every area of the company. Only then, with all values aligned, cybersecurity solutions activated, and protocols established, will a company be able to stop BEC scams, and thus avoid the million-euro losses that they can provoke.