What is business email compromise?

In this article, Cyber Security Hub explores how cyber attackers use threat vectors like phishing, social engineering and ransomware to enact business email compromise (BEC).

Cybercrime is an ever-growing issue across virtually every industry. With its global cost expected to reach as much as US$10trn by 2025, companies must fight to combat malicious actors seeking to gain from cyber attacks against them.

Threat actors increasingly use multiple threat vectors during attacks to overwhelm companies and make it easier for them to gain access to their network. This makes it more important than ever to safeguard the most common vehicle for an initial breach point: email.
 

The majority of hacking groups (65 percent) utilize email-based spear phishing campaigns as their primary attack vector. This cyber attack method targets specific individuals within an organization with the goal of compromising their credentials and using their privileged access to gain further control of a business' network or steal information that only certain employees have access to.

These campaigns can have a devastating impact, not least from a financial perspective; in May 2022, the US Federal Bureau of Investigation (FBI) reported that BEC had led to a total loss of $43.3bn between June 2016 and December 2021.

This Cyber Security Hub article will highlight the key vulnerabilities for those without sufficient email security and explain how to block threat actors from carrying out successful attacks while mitigating data loss and fraud.


Email security must not be ignored

As the ransomware-as-a-service (RaaS) economy matures, ransomware gangs are demonstrating supreme confidence in their debilitating actions.

In January of this year, the UK's Royal Mail had to completely halt all dispatch of items overseas after it became the victim of an alleged LockBit ransomware attack. The ransomware caused “severe disruption” to the computerized systems used to send mail abroad and resulted in Royal Mail requesting that customers stop sending mail abroad in the wake of the ransomware attack.

Verizon also noted a 13 percent increase in ransomware breaches in 2022. As ransomware can be spread via BEC, this statistic is especially worrying.

During email-focused cyber attacks, malicious actors may target low-level data within the attack's early phases. This low-level data can then be used to gain access to and steal more sensitive data. With Microsoft reporting that it takes hackers just 24-48 hours to gain control of a network via a privileged account, even the compromise of low-level accounts can be serious.

For example, a hacker could pose as a job seeker to target those in human resources (HR). Hackers rely on the fact that HR professionals are used to receiving and opening attachments from unknown senders to allow their ransomware to spread across a network. Additionally, if attackers do compromise HR emails, this gives them access to confidential and sensitive company information.



Best practices for alert organizations


Understanding the human element

Comprehensive email security strategies like the use of strong passwords and email encryption can provide a higher level of protection against BEC. This, however, relies on employees following the rules, and with 65 percent of people reusing passwords for multiple or all of their accounts and 73 percent of people using the same passwords for both work and personal accounts, this is easier said than done.

Likewise, research by the Harvard Business Review has found that 67 percent of employees admit that they fail to adhere to cyber security policies, with a failure-to-comply rate at an average of once every 20 tasks. In 85 percent of all cases where employees knowingly broke procedure, they cited work-related reasons for doing so, including “to better accomplish tasks for my job”, “to get something I needed” and “to help others get their work done”.

So, companies must recognize that their cyber security policies need to protect the company while not preventing their employees from doing their jobs efficiently. Likewise, employees should be made aware of their role as those on the front line against email-based cyber attacks. Not doing so can cause employees to cut corners in the name of efficiency without understanding the ramifications, ultimately endangering the company.




Introduce a robust backup strategy

As cyber attackers may delete or poison uploads as they make their way through a company's network, it is important that companies have safeguards in place to make sure they are still able to access important documents even if they need to shut down the network.

Cyber security researcher Alex Vakulov explains that having a '3-2-1' backup strategy can help ensure the safety of critical data: “[Using the 3-2-1 method] two copies are stored locally on the same site but on different media. The third copy is separated from the previous two, for example it is kept in the cloud. Accordingly, if something happens to the first storage, then the data still remains in another storage in the [on premises] data center. If access to the entire data center is lost, a backup copy remains in the cloud.”

By using multiple backups, companies can mitigate the risk and impact of business email compromise, allowing them to continue to function while also being able to shut down the network to stop malicious actors from gaining further access to it and/or poisoning or stealing data.
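
As an added example (not part of the original article), the Python sketch below audits a backup inventory against the 3-2-1 layout described in the quote above and reports, per dataset, which part of the layout is missing. The inventory format and all dataset, site and medium names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory: (dataset, site, medium). All names are hypothetical.
INVENTORY = [
    ("finance-share", "hq-datacenter", "disk-array"),
    ("finance-share", "hq-datacenter", "tape"),
    ("finance-share", "cloud-region-a", "object-storage"),
    ("hr-mailbox-archive", "hq-datacenter", "disk-array"),
    ("hr-mailbox-archive", "hq-datacenter", "disk-array"),
    ("hr-mailbox-archive", "cloud-region-a", "object-storage"),
    ("erp-database", "hq-datacenter", "disk-array"),
    ("erp-database", "hq-datacenter", "tape"),
]


def audit_321(inventory, primary_site):
    """Return {dataset: [violations]}; an empty list means the layout is met."""
    copies = defaultdict(list)
    for dataset, site, medium in inventory:
        copies[dataset].append((site, medium))

    report = {}
    for dataset, locations in sorted(copies.items()):
        problems = []
        # Media used by the copies kept on the primary (local) site.
        local_media = {medium for site, medium in locations if site == primary_site}
        # Copies kept somewhere other than the primary site (e.g. the cloud).
        offsite = [site for site, _ in locations if site != primary_site]

        if len(locations) < 3:
            problems.append(f"only {len(locations)} copies, need 3")
        if len(local_media) < 2:
            problems.append("fewer than 2 distinct local media")
        if not offsite:
            problems.append("no copy outside the primary site")
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit_321(INVENTORY, "hq-datacenter").items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Run against an exported backup catalogue, a check like this surfaces datasets whose only copies would be lost together if the primary site had to be taken offline.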


Increase endpoint security

In today's digital climate, the number of devices in use across an organization has risen exponentially, as most employees need access to multiple devices in order to do their jobs. When paired with the emergence of hybrid or completely remote working and the move away from a secured on-premises network, this means that businesses must be constantly vigilant about endpoint security.

This need is already being recognized in the cyber security space, with Cyber Security Hub's own research finding that 44 percent of cyber security professionals say their company is currently investing in endpoint security.

As well as protecting the devices on their network, companies need to protect the network itself. To do this, companies should increase their detection and response capabilities. This need has similarly been recognized by businesses, with the same research finding that more than two fifths (42 percent) of companies are investing in threat detection and response.
 


Conclusion: combine a human-centric approach with key software investments

An employee-centric approach to ransomware and BEC threat prevention allows all employees to understand the risk of these threats. By shifting a security strategy approach to understanding the human element of these attacks, companies can help prevent these attacks by stopping them before they infiltrate the network.

Additionally, companies should identify the areas in which they can invest to better strengthen their ability to protect against and respond to cyber attacks, including endpoint security, cloud storage and backup facilities, and detection and response software.

This means companies have a double-layered threat prevention approach and are not solely reliant on endpoints and other technology to stop ransomware after it is activated.
