Blog WatchGuard

The 8 commandments to avoid BEC attacks

Business email compromise (BEC) continues to be one of the fastest growing and most risky attack vectors for companies, as it has become a multimillion-dollar business that causes almost 80 times more losses than ransomware. 

A recent study shows that recorded BEC attacks nearly doubled during 2022, and the average amount stolen in these attacks also increased, reaching $50,000. Protecting against these attacks is essential to safeguard a company’s integrity and reputation, regardless of its size, as well as to protect financial assets and the privacy of individuals. This requires a comprehensive strategy that addresses both technical and human vulnerabilities, in other words, a combination of proactive measures such as deploying a unified security platform that brings together layered security solutions and security training, which plays a vital role in educating employees about the tactics used in BEC attacks and how to recognize them. 

8 key ways to prevent BEC attacks 

1. Special focus on BEC attacks:

BEC attacks do not have their own CIS controls in place, so it is necessary to pay close attention to these attacks, especially when it comes to processes associated with updating bank accounts. For this, an account inventory must be established, inactive accounts must be deactivated and access processes and access revocation processes must be established. 

2. Awareness and training:

Users should receive regular training on the tactics used in BEC attacks and learn to recognize warning signs, such as suspicious email addresses or unusual requests. 

3. Identity verification:

These attacks usually start with a phishing email that directs the recipient to a fake login page where the threat actor can obtain credentials. Hence, it’s important to verify the identity of email senders, especially in financial transactions or requests for sensitive information. Also, using MFA can mitigate the risk of a cybercriminal using stolen credentials to access an email account and carry out a BEC scam. 

4. Strong security policies:

Organizations should implement clear policies and procedures for validating and authorizing financial transactions or access to confidential information. This includes establishing authority limits, approval processes, and verification of changes to payment information. 

5. Check URLs and attachments:

Before clicking on links or opening attachments in emails, users should verify their authenticity and security. This involves verifying URLs, using security tools to scan attachments for malware, and avoiding downloading files from untrusted sources. 

6. Keep systems and software up to date:

Exploiting known software vulnerabilities is one of the initial access vectors for cybercriminals. To protect against BEC attacks, it is essential to keep systems up to date as it helps ensure important security patches have been applied. In March 2021, Microsoft had to release emergency patches for a set of four ProxyLogon technology vulnerabilities, after criminal groups actively exploited these flaws in thousands of organizations. Applying this measure can significantly reduce the risk of falling victim to a BEC attack and protect the integrity and confidentiality of the organization's data.  

7. Monitoring and anomaly detection:

Security teams should implement monitoring and anomaly detection solutions that can identify unusual patterns or suspicious behavior in emails. This may include reviewing activity logs, detecting changes in communication patterns, and using artificial intelligence tools to identify BEC attacks. 

8. Avoid gaps in visibility:

The use of disparate products creates gaps in visibility and therefore in security. It’s essential to have security solutions that work in an integrated manner to achieve full visibility and thus prevent BEC attacks. Adopting an XDR approach such as WatchGuard ThreatSync addresses the challenge of limited threat visibility by correlating telemetry from multiple sources to provide better context on an attack. This gives security teams an advantage against advanced threats such as BEC attacks by eliminating visibility gaps and reducing detection and response time, providing greater accuracy.  

The complexity involved in protecting organizations against BEC attacks shouldn’t be underestimated. Attacks of this type are likely to continue to rise due to the large profits they generate for malicious actors. So, taking the necessary steps to prevent email from being compromised is the best bet companies can make to avoid the high costs of a data breach or the reputational losses that come with it.  

To learn more about MFA and the protection offered by a comprehensive layered security strategy, please visit the following links: