Technology is always advancing, and the more it changes, the more challenging it is for businesses to protect their sensitive data and keep their network and email secure. While ensuring that your employees are cyber-security aware and understand the risks and dangers is important, you also need a proactive web and email security strategy that will act as a defence barrier and quarantine any threats before they get to your network. Without this, businesses risk the spread and advance of malware, and attacks on other websites, networks, and other IT infrastructures. Should cyber-criminals manage to infiltrate your business’s system, the attack has the potential to spread to every single computer on your network, making it increasingly difficult to pinpoint its origin.

 

Organisations need to start taking a ‘prevention rather than cure’ approach to their web and email security strategy. IT security should be the primary focus for every business – especially if they want to scale and survive in the future. A cyber-attack is capable of destroying a business: from financially crippling it to ruining its brand image and trust, the devastating impact of a cyber-attack should never be ignored.

 

According to Microsoft, a recent survey found that a data breach costs a business an average of £2.9 million. In most cases, once an organisation has suffered this catastrophic financial loss, it can no longer afford to operate.

 

But what security threats are out there, and how can they impact your business? OGL have looked at three email and web security threats that are potentially putting your business at risk, and what you can do to prevent them from impacting your business.

 

Business Email Compromise (BEC)

Business Email Compromise (BEC) scams are one of the most common cyber security threats that are currently impacting businesses across the globe. A survey from Agari stated that 96% of businesses have received a BEC scam email in the last year, and this type of threat is expected to grow to the value of over $9 billion in 2018.

 

What is Business Email Compromise?

A business email compromise (BEC) is a man-in-the-email exploit where a hacker gets access to a business’s email accounts and then imitates the business owner’s identity with the aim of defrauding the company and gaining money. BEC attacks can be categorised into two main types:

 

Credential-Grabbing BEC

Credential-Grabbing BEC involves the use of phishing kits and keystroke logging in order to steal someone’s credentials and access their target’s webmail.

 

Email-Only BEC

Email-Only BEC usually comes from someone within the Financial Department of the company being targeted. The aim of this email is simple: financial gain. The email usually looks like it has come from a company executive or manager, and it instructs the target to send money to another account (either as a personal favour or to a contractor or supplier).

 

Once the BEC email has been opened, the target’s email is compromised by malware that has been downloaded onto the target’s system. Once this phishing software has been actioned, cyber-criminals scour the target’s inbox for sensitive information such as banking details, passwords, usernames and any other information that may be of interest. After the cyber-criminals have the information they want, they then target the user’s contacts and repeat the process.

 

Mattel’s Narrow Escape of BEC

US-based toymaker Mattel narrowly escaped a potentially devastating phishing scam in 2016 that saw $3 million being transferred from Mattel to the Bank of Wenzhou in China. This sophisticated phishing email spoofed Mattel’s new CEO Christopher Sinclair. The attackers had undertaken thorough research about the company’s employees before they sent the emails. Because of this, they were able to get a clear understanding of Mattel’s corporate hierarchy and payment history. A senior executive was targeted with the phishing email that had supposedly come from Sinclair, who had requested a large sum be sent to the Bank of Wenzhou for a vendor. The exec was under the impression that she was complying with company protocol when she undertook the transfer. As the transfer took place on Good Friday, the hackers weren’t able to access the money until the following

Press release distributed by Newsmakers on behalf of Rice Media, on Wednesday, 17 October 2018.