Does your company have money in the bank? You’re a potential target for BEC
Compromised business email can be a dangerous and expensive risk.
Just_super/Getty Images
· less than 3 min read
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
When it comes to cybersecurity, ransomware is often a top-of-mind concern, but business email compromise (BEC) can often hit the bottom line harder. And businesses ignore the risk of BEC at their own costly peril, said one cybersecurity researcher.
“A lot of media attention goes to ransomware because it is a big splashy thing,” Ross Worden, consulting director at cybersecurity threat analysis firm Unit 42, said. “A lot of money goes to business email compromise.”
Worden spoke at the Association of Certified Fraud Examiners’ Global Fraud Conference in June.
Business email compromise happens when bad actors “send an email message that appears to come from a known source making a legitimate request,” according to the FBI, and then proceed to manipulate individuals and organizations into things like making payments or wire transfers. According to the FBI’s Internet Crime Complaint Center (IC3), BEC cost businesses nearly $2.4 billion in 2021, while ransomware losses totaled more than $49 million in the same year.
Worden recommended that organizations pay close attention to their cybersecurity practices to mitigate BEC risk, particularly by developing multi-factor authentication and instilling a cyber-vigilant mindset in employees across the business, no matter the size or type of business they’re in.
“If you’ve got a business that has money somewhere in a bank account, you’re going to be a target,” Worden said.—DA
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.