As reported back in February, Beazley Breach Response (BBR) Services saw a 133% spike in business email compromise (BEC) incidents in 2018. Now, the company has offered more detail on the various types of BEC incidents impacting businesses.
Last year, BEC incidents accounted for 24% of all incidents reported to BBR Services. That was up from just 13% in 2017, Beazley said in its latest Beazley Breach Briefing.
Forty-seven per cent (47%) of incidents investigated by BBR Services in 2018 were the result of hacking or malware. Of those, about half were BEC incidents. These are attacks in which a cyber criminal uses a compromised email address – or spoofs a legitimate address – to try to trick employees into transferring sensitive data or making payments to bank accounts controlled by the criminal.
According to Beazley, businesses can prevent email compromise by taking the following precautions:
- Implement multi-factor authentication for remote access.
- Provide regular anti-fraud training for employees.
- Use pre-determined codes to confirm requests for employees authorized to request fund transfers.
- Limit the number of employees who can authorize wire transfers.
- Apply the following checks if a vendor requests changes to its account details:
  - Confirm the request by a direct phone call.
  - Use pre-agreed phone numbers.
  - Review all requests by a next-level approver before making any changes.
  - Check that the address or bank account is the same as for previous payments.
Beazley also found that Trojans and ransomware attacks increased in 2018. The average ransomware demand in 2018 was more than $116,000 – but Beazley said that figure was somewhat skewed by some very large demands. The median demand was $10,310, while the highest demand received by a Beazley client was for $8.5 million.
The healthcare sector was the hardest-hit by ransomware attacks, followed by financial institutions and professional services. Beazley also found that small to medium-sized businesses, which typically spend less on information security, ran a greater risk of ransomware attack than large firms.
“The threat posed by cyber criminals continues to grow in complexity as they devise new techniques to breach IT security and trick unsuspecting employees into allowing them access to systems,” said Katherine Keefe, global head of BBR Services. “By handling thousands of data breaches every year, BBR Services is able to shine a light on where the new and emerging cyber threats are coming from and help businesses to better understand and prepare for a breach.”