Secureworks head of threat intelligence APAC Alex Tilley spoke with iTWireTV to explain what CEO fraud and other business email compromise scams are, how they work, who is behind them, and why they are successful.
With over 20 years of experience in computer security and cybercrime, Alex Tilley is a highly awarded cybercrime researcher. Alex was at the forefront of research and countermeasures when phishing and malware first began to attack banking platforms and their customers. With that background, Alex became the Australian Federal Police’s senior cybercrime technical analyst, where he combined his technical background with an analytical approach to the “who” and “why” of the cybercrime fight. This work resulted in many successful investigations in the cybercrime and child protection space.
Alex is now with Secureworks and gave his time to speak with iTWireTV about these business threats, which reap large amounts of money for the perpetrators. A victim may often be unwilling to disclose an incident out of embarrassment.
Hear what Alex says here, and see below for a list of the essential items Alex explains you must have in place to reduce your risk.
Alex explains organisations can minimise their risk by following these suggestions, at the very least:
1. Have a company culture where workers are encouraged to be open about mistakes without fear of punishment. The earlier a scam is acted upon, the greater the chance of recovering money.
2. Have executives set a baseline standard of expectation - make clear you won’t email staff asking them to wire money, for example.
3. Implement multi-factor authentication; don't trust the password alone.
4. Review processes and ensure actions like changing a supplier's bank account are never acted on simply on the advice of an email or other single communication that cannot be absolutely verified as authentic.