Business Email Compromise (BEC) is an advanced form of phishing that uses high-level accounts to build trust and authenticity before gaining access to data or finances. This type of attack can be very effective because the relationship – and consequently, the request for data or money – is realistic and plausible.
Beyond the obvious financial implications of suffering a BEC attack, the consequences could be more far-reaching and threaten your organization in the longer term. For example, the repercussions of an attack could bring your credibility into question, losing you trusted customers and potential profit.
There isn’t a single solution that will eliminate your chances of falling victim to a BEC attack. Instead, there are a number of different solutions and approaches that will give you the greatest chance of coming out the other side.
In this guide, we’ll cover some of the top solutions that will help to protect your organization from falling victim to BEC attacks. The solutions address BEC from a range of perspectives – from email spoofing and credential theft to phishing – in an attempt to give you the best form of protection. This list will include products that are secure email gateways, dedicated phishing firewalls, and user training platforms to give you a range of defenses.
How Do BEC Attacks Work?
BEC attacks start with an authentic inbox being accessed by a malicious actor. This can happen in a variety of ways – from using stolen credentials purchased on the dark web, to social engineering, and brute force attacks. So, the first thing you should do to prevent BEC attacks is keep your credentials safe – some of the products featured on the list focus on this.
Then, an attacker will reach out from the compromised account to existing employees or to other companies. As they are writing from a valid email address that the target is already familiar with, the target has little reason to be suspicious. The attacker may send a fake invoice, request access to data, or even attempt to hijack another account.
With the amount of information readily available online – think of all the information you share on LinkedIn – coupled with the valid account and ability to look back at previous conversations and imitate style, BEC is a very concerning attack type.
To prevent BEC attacks, it is worth keeping an open mind about what to look for. With attackers constantly searching for new ways to trick you, there is no checklist (or limit) to how they might dupe you. Another area that could be worth investing in is Security Awareness Training (SAT) – this educates your users on suspicious behaviour and explains best practice responses.
How To Choose A BEC Solution?
When choosing a BEC solution, it’s important to make the right choice. Failure to do so could leave you with a false sense of security. You should adopt a solution that focuses on your vulnerabilities. For instance, your business may release a large quantity of emails and other communications; this could make your brand susceptible to spoofing. Alternatively, you may have a large, disparate workforce; the sheer number of employees makes you susceptible to phishing attempts. When selecting a BEC solution, you should consider the following features:
What Are Your Vulnerabilities?
If you are looking for a solution that can respond to email-based threats, it may not be suited to cover SMS or vishing attacks. Before deciding what solution is best, look at where you are weakest.
Automation And Configuration
The ability to automate and configure your solution can affect how useful it is to your organization. It may be that you want a solution that you can let run in the background, without any need for input. Equally, you may want a more hands-on solution that puts you in control of configuration and management.
What Are Its Features?
This might seem like an obvious point, but it is worth comparing the features of each solution to ensure it will work in your environment. URL rewriting, always-on connectivity, and database cross-checking give you the best chance of remediating threats.