We have mentioned before that Business Email Compromise (BEC for short) is one of the biggest security issues facing businesses. Both Microsoft and the FBI agree. According to the Microsoft security blog, 91% of cyberattacks start with email. The Internet Crime Complaint Center reports that in 2022, the total adjusted losses from BEC were over $2.7B. Yes, that is a B, as in billion, not an M.
So what is BEC? Basically, it is a scammer assuming the digital identity of a person or role in a company to trick the people that company does business with into taking a desired action. Usually, we see this with requests to change the bank account information for the compromised company so that payments now go to the scammer's account instead of the company account. We have also seen scenarios where they will text or email others asking them to make purchases of gift cards and send them to the compromised person's account, where the scammers then intercept them. There are many other examples of this type of compromise (see 10 Business Email Compromise (BEC) Scam Examples).
So how do you prevent this type of compromise? Unfortunately, there is no single silver bullet; layers of protection are needed. The layers we currently offer to protect clients are:
- WestonBlock spam/virus filtering to scan emails and look for signs of the scammers at work
- Web content filtering to try to block access to known scammer sites and domains
- Implementation of multifactor authentication to make accessing email accounts much more difficult
- Security Awareness Training for your company’s team to teach them what to look for and when to be suspicious, along with education on avoiding spear phishing
Even with all of these items in place, what we could not offer was 24×7 monitoring of Office365 accounts looking for signs of scammer activity. Instead, we had to rely on notifications, either from a tool or from users, after the fact.
What should be happening is constant monitoring of your Office365 accounts to look for suspicious scammer behavior and compromised accounts so action can be taken immediately. While some built-in tools can do this part, the key is evaluating each item found to see if it is valid or just noise. If it is valid, immediate action should then be taken to isolate and lock down that compromised account before further damage can be done.
That is what the tool called Huntress MDR will do. Huntress has been a trusted partner of Weston for many years, helping identify signs of breach on the computers we manage. They have been excellent to work with and give us the ability to offer full-time monitoring for compromise at a budget that small and medium businesses can justify.
You can read more about the service and the features it offers in this whitepaper describing BEC, as well as this datasheet describing more about the MDR service.
We believe Huntress MDR is a service that all businesses that use email should have in place. This type of insurance may be a requirement for your cyber insurance policies. Drop us an email or contact your Account Manager for more information.