When businesses think of security risks, they usually think of network vulnerabilities, BYOD risks or the vulnerabilities that come with the Internet of Things (to name a few). Sometimes employees and the human weak link also cross their mind, but not as much. Unfortunately, when it comes to how cybercriminals can breach a company or steal from them, there are many more ways than one.
One of these less discussed risks that business executives should be prepared for and take a look at involve Business Email Compromise (BEC) crimes. Even though this type of crime doesn’t include taking a company’s sensitive data, it does involve taking their money and that of their clients too. One report that discusses BEC crimes and the financial losses businesses can expect is the 2015 Internet Crime Report.
The report found that businesses were hit the hardest by inbox-based scams, losing a total of $263 million. However, Business Email Compromise (BEC) crimes overshadow all other types of cybercrimes looked at in 2015.
- BEC crimes include businesses hit by inbox-based financially motivated scams, which result in financial loss through unauthorized transfers of funds. So things like spoofed emails, intercepted facsimiles, and telephone communications that redirect invoice payments.
- In 2015 there were 7,838 BEC complaints totaling a loss of over $263 million.
- States losing the most to BEC attacks were California with losses of $64.5 million, New York with losses of $23.5 million, and Florida with losses of $19.6 million.
BEC attacks are some of the toughest cybercrimes for businesses to protect against since they don’t involve malware or network vulnerabilities, but rather, trust and business processes (that involve email). It’s for this reason that businesses should have a security posture that is a fully functioning part of the business process.
- This includes setting up things like continuous monitoring, security technology, having an information security steering committee that involves every department executive, and coordinating regular training for the entire staff to help them look for red flags that can help them identify a potential spoof email.
The human component of a large or small business is always going to be one of the hardest for companies to manage, but if businesses close the communication gap between IT security executives and leadership, involve security in all business aspects, and include employee training for educational and awareness purposes, they can reduce these cybercrime incidents.
When thinking of security risks, businesses need to realize the vastness of these threats. This is why businesses have a CIO and CISO, and expert security companies to provide support if needed. Even though we’ve been hearing about breaches for some time now, cybersecurity is a relatively new concept for business executives and making it a part of the business process (the way it should be to prevent major damage and breaches) has been hard. Let us help you adapt to changing times and protect your business from these evolving cyber threats; they’re only going to get worse, not go away.
Get in touch, we offer a free infosec consultation so that you can evaluate where you stand with your overall security posture.
Photo courtesy of Mathias Rosenthal