Monday, 20 December 2021 14:21

The rising threat of business email compromise attacks presents opportunities for MSPs

By Luke Smith, regional account director, Barracuda MSP

GUEST OPINION: It’s been an essential communication tool for decades, but now email is becoming a growing source of security threats for Australian businesses. Indeed, the Australian Cyber Security Centre’s Annual Cyber Threat Report 2021 stated that the average loss for each successful business email compromise attack is now more than $50,600.

Targeted messages appearing to come from legitimate sources are being increasingly used by cybercriminals intent on causing disruption or achieving financial gain. Frustratingly for security teams, the tactic is working.

According to recent research by Barracuda [1], an average organisation is now targeted by more than 700 email-based social engineering attacks every year. The average chief executive alone received 57 targeted phishing attacks during the same period.

Growing sophistication

While such attacks are far from new, it’s the growing sophistication that has security experts most concerned. Where once they were relatively easy to spot because of clumsy wording or suspicious sending addresses, now they can be almost impossible to differentiate from legitimate emails.

During the 12-month period covered by the research, it was discovered that the Microsoft brand was used in 43% of all phishing attacks. This was followed by WeTransfer (18%), DHL (8%) and Google (8%).

Attacks are also becoming much more targeted. In the past, the same fraudulent email tended to be sent to large numbers of recipients in the hope that a small proportion would be tricked into opening it and either clicking on a link or opening an infected attachment.

Now, it’s more likely that phishing emails will be tailored for their recipients. This could be done by appearing to come from a business with which the recipient already has a relationship. Alternatively, the messages may seemingly have been sent by a friend or co-worker.

The types of people being targeted are also shifting. The research found 77% of business email compromise (BEC) attacks are aimed at employees outside of traditional financial and executive roles. Around one in five involve employees in sales positions.

Not just ransomware

Although ransomware is becoming an increasing issue for businesses, BEC attacks also take other forms.

For example, during 2020, an Australian hedge fund fell victim to an attack which forced it into bankruptcy. The attack involved the sending of false invoices which led to the company inadvertently transferring $8.7 million to bank accounts controlled by the cybercriminals.

That incident is not a one-off event. According to the ACCC*, total losses amounted to $128 million in 2020, with the average loss per successful attack coming in at more than $50,000.

Protecting against attacks

With the threat of BEC attacks continuing to increase, there are some key protective measures that MSPs can help Australian businesses put in place. They include:

  • Deploy AI tools:
    Artificial intelligence (AI) is becoming a valuable technology aiding the fight against cybercrime in general and BEC attacks in particular. AI-powered tools can spot suspicious attacks before they are launched and alert security teams that action is required.
  • Train staff:
    Unfortunately, the weakest link in cybersecurity remains the users. It’s therefore vital that organisations ensure their staff are aware of the threats posed by BEC attacks and the steps they can take to avoid becoming victims.
  • Review internal policies:
    Training should be backed up by a comprehensive review of existing policies on how email is managed. The policies should include how and where messages are stored, the security measures protecting accounts, and who should be alerted if suspicious activity is spotted.
  • Deploy account takeover protection:
    Many BEC attacks originate from compromised email accounts. For this reason, it is important to have in place measures that secure staff accounts and ensure that unauthorised access is prevented.

Email is going to remain an enticing attack vector for cybercriminals for some time to come. For this reason, it’s important for businesses to take all the necessary steps to reduce the likelihood that attacks will be successful. Make 2022 the year that BEC attack awareness is highlighted within your organisation.

  * Source: Targeting scams: Report of the ACCC on scams activity 2020 (ACCC, 7 June 2021)


[1] https://www.barracuda.com/spearphishing-vol6

