What do you envision when you think of hacking? You may conjure up visions of an evil man sitting in a chair, scrolling through endless lines of computer code which he is furiously editing, stopping only to recognize his latest diabolical idea and incorporate it into his programming. While this image may not be far from the truth in some cases, the reality is that most forms of cyber attack rely on people’s poor cyber security and internet safety practices rather than sophisticated software. These days, tricking unsuspecting internet users by appealing to their emotions is the best way to get them to read an email and even click on a link, which can, unfortunately, lead them to surrender their personal information or even make a financial payment. Such cyber attacks are often referred to as “phishing” attacks because the hackers are “fishing” for information about an individual that they can use for their own personal gain.
While you may think that your business has a strong cyber infrastructure which can protect you from cyber attacks of any type, the truth is that poor employee training can very easily make your organization vulnerable to phishing and related forms of email attacks. Employees who are not trained to avoid reading emails from unknown senders may unsuspectingly click a link in one of them, which can open up the entire company network to a slew of cyber attacks. Once an unsuspecting internet user has navigated to a malicious website, they may be asked to surrender their personal information or make a payment, which can cause even more problems for both the user and the company.
Besides phishing, there are several other forms of business email compromise, sometimes abbreviated as BEC, which can often target the high-level executives of a company for hackers’ financial gain, or for malicious entities to gain access to sensitive corporate data. The effects of BEC can be disastrous: BEC cost companies $800 million in the last half of 2016 alone, and the Federal Bureau of Investigation estimates that, since it began tracking such attacks, $12.5 billion in funds have been lost due to these malicious practices.
How can companies work to stop the debilitating effects of BEC? Prevention is key and can only be achieved through a two-pronged approach that both uses security methods such as two-factor authentication and encryption and sets a standard for best email practices at all levels of your organization.
Curious about business email compromise and ways to protect your company against cyber attacks? Panda Security specializes in cyber security solutions to help companies operate more safely on the internet. While email-based forms of cyber attack are among the most common forms of malicious internet activity, knowledge is power. The most effective way to protect yourself against this type of cyber attack is to learn more about it and how it operates. Panda Security offers helpful advice to avoid BEC on their blog. Check out their blog post, including a helpful infographic, on various ways to stop business email compromise.