By David DeMoss
As of 2020, cyber incidents are now the most significant business risk. This means that businesses really need to crack down on their cybersecurity and ensure that they are educating their employees on cyber risk properly. Right now, business email compromise (BEC) seems to be the most popular approach for hackers, and they will attack everyone, no matter how big or small a company is. Hackers will watch companies for months to learn everything about them — from what company events are happening to how emails are typically formatted. Once they have a good idea of how the business works, hackers will format an email that looks legitimate to all employees, typically requesting money in some shape or form. FBI special agent Michael Driscoll urges employees to never make payment changes based off of an email, and to verify by speaking to someone first.
If a company is hit by an attack, there are a few options. First, they can file a suspicious activity report (SAR) with the FBI Crime Center. In addition, Driscoll encourages companies to speak to local law enforcement and to reach out to organizations such as the National Cyber-Forensics and Training Alliance or InfraGard National for help. To learn more details about cybersecurity and cyberattacks in 2020, read the full article from Bernice Napach below.
Add business email compromise, aka BEC, to your list of business cyber risks. It’s a growing risk and spreading around the world, according to Michael Driscoll, FBI special agent in charge, Counterintelligence/Cyber Division, in the bureau’s New York office.
“BEC is right now off the charts,” said Driscoll, who spoke at the 2020 FINRA Cybersecurity Conference. “Every business is getting targeted, from the smallest to the largest.”
These attackers “know where to send the email and they know everything about your organization before they send it … using whatever they can, including malware tools and publicly available information, so they can to best place that email and target your system,” said Driscoll.
He gave the example of a company holding an upcoming charity golf event in which most executives were playing. The attackers, having watched the company over time, knew about the event and used that time to send an urgent email requesting a change in the wired payment process, pocketing about $25,000.
“Never ever change your payments based on an internet email,” said Driscoll. “Talk to someone. Verification is needed.”
If a company is hit, it should address the issue “immediately, contacting receiving banks, trying to call back the funds and reaching out to law enforcement,” said Driscoll. Businesses can file a suspicious activity report (SAR) with the FBI Crime Complaint Center at www.IC3.gov.
‘Reach out to the FBI when attacked,” said Driscoll. “You need to tell your story, what was different, what anomalies you saw.”
The FBI can’t respond to every complaint but it needs information about attacks and suspicious activity to help suss out patterns and bad actors and prevent repeat attacks, said Driscoll.
“Get to know your local FBI office, learn about the tools that are available,” said Driscoll. “The most effective weapon is cooperation. I can do nothing without your help.”
Other resources include the National Cyber-Forensics and Training Alliance, a nonprofit partnership between private industry, government and academia focused on identifying and mitigating cybercrime, and InfraGard National, an FBI-affiliated nonprofit organization dedicated to strengthening national security, community resilience and to share information to help mitigate cyber and other threats.
In addition to BEC, distributed denial of service attacks have grown exponentially, in large part because of the “internet of things,” said Driscoll, adding that ransomware also remains a “large concern.” Ransomware attacks are more focused now, targeting the most valuable parts of companies as well as local governments “because they pay,” said Driscoll.
He recommended that companies don’t pay ransoms in ransom attacks because “you will be targeted again.”
As for the perpetrators of cyberattacks,” “hostile nation-states” such as Russia and Iran are the “most serious source of cyber-related threats,” targeting networks, personnel and corporate supply chains and developing tools that find their way into criminal activity and are easy to purchase.
Businesses around the world are growing more concerned about cyber risks. For the first time ever, cyber incidents ranked as the most important business risk globally, according to the latest Allianz Risk Barometer 2020, based on a survey of more than 2,700 business CEOs, risk managers, brokers and insurance experts in more than 100 countries. Thirty-nine percent of respondents cited cyber incidents as the No. 1 risk, replacing business interruption, which had placed first previously. Seven years ago, cyber incidents ranked 15th, with just 6% of responses.