As technology advances, criminals are leveraging Artificial Intelligence and machine learning tools to craft sophisticated, convincing emails that mimic real individuals or organisations, persuading their recipients to make fraudulent payments or disclose sensitive information. Their targets have shifted to specific industries and businesses, including law firms, accounting firms, and manufacturing companies, which comes as no surprise given that such entities engage in high-value transactions regularly.
What makes Business Email Compromise, BEC attacks particularly insidious is that they often go unnoticed until it is too late or are engineered in such a way as to exploit the urgency of demands and manipulate employees into acting quickly.
It is essential to keep an eye on BEC trends as small and medium-sized enterprises, SMEs increasingly become prime targets due, at least in part, to relatively weaker defences against cybercrime. One way to mitigate against BEC attacks is for businesses to have a resolute BEC incident response plan in place.
This plan differs from traditional incident response strategies by prioritising speed and addressing gaps in internal financial controls. It is a collaborative effort involving not only IT and cybersecurity specialists but also finance and accounting executives, particularly the CFO. This multidimensional approach helps to swiftly engage financial institutions and address potential control gaps that attackers exploit.
When a BEC incident happens, decisions need to be made quickly and under pressure, making preparation a key component of the response. An incident response team, led by the CFO, is instrumental in analysing, coordinating, and communicating during a BEC incident where clear roles and responsibilities are defined for all team members.
Key data points should include event logging, email forwarding logging, login logging, privilege escalation logging, API and OAuth2 logging. The process itself would likely necessitate swift execution, including notification of key stakeholders, locking down systems, analysing critical data, investigating using available evidence, ongoing liaison with financial institutions, and notifying relevant third parties.
While a robust BEC incident response plan will become all but indispensable for modern businesses, the odds of recovering stolen funds are low. Given the odds, taking the right steps to prevent a BEC attack from being successful is critical, which would include having robust email security measures in place from the get-go.
Independent third-party verification systems like eftsure can offer an extra layer of protection by automating payment checking and supplier verification, saving time on manual processes and reducing human error. By implementing payment screening technology, finance departments can confirm the accuracy of account numbers before authorising fund transfers, ensuring funds reach the right account.
