Business Stream 5: Business Email Compromise (BEC)
When it comes to email, the name of the game is verification and authentication. As company inboxes are the target for phishing attacks and the like, it’s an area that costs significant amounts of money annually for unlucky companies.
Such attacks are nothing new, but the social engineering behind them is getting smarter, and businesses do get caught out.
In the US, a recent FBI report found that out of nearly half a million cybercrime complaints, business email compromise (BEC) scams accounted for half of all cybercrime losses in 2019. With the average loss amounting to nearly $75,000, a similar amount can cripple or kill off a medium-sized business.
Michael Conway, director of Renaissance, said all companies will likely have experienced being targeted or attacked in some form, and one way vendors are helping protect them is by looking at things in reverse.
A big focus for companies is domain-based message authentication, reporting and conformance (DMARC), an email authentication, policy and reporting tool which helps protect organisations from email fraud.
In short, it’s a way for someone to protect their domain from unauthorised use and give people confidence that only real emails come through.
By building on existing authentication techniques such as DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF), it lets a domain owner publish instructions on what a receiver should do with a mail that doesn’t pass either of those authentication methods, such as sending it to the spam folder or rejecting it entirely.
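As an added illustration of the mechanism just described (this is example code written for this page, not a product of any vendor named here), the snippet below parses a DMARC TXT record and applies its policy: a message passes when SPF or DKIM passes and the authenticated domain aligns with the From: domain; otherwise the p= disposition (none, quarantine, reject) applies. The record, domains and authentication results are constructed sample data; organisational-domain matching is approximated by the last two labels rather than a public-suffix lookup, and the pct= and sp= tags are ignored.

```python
# Added example (not from the article): a minimal DMARC policy evaluator.
# A message passes DMARC if SPF or DKIM passes AND the authenticated domain
# aligns with the From: domain; otherwise the published p= policy applies.
# All records, domains and results below are constructed sample data.

def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a dict with defaults filled in."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Approximation: organisational domain = last two labels (no PSL lookup)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') allows subdomains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf=None, dkim=None):
    """spf/dkim are (result, authenticated_domain) tuples or None.
    Returns 'pass', or the p= disposition to apply on failure."""
    tags = parse_dmarc(record)
    spf_ok = bool(spf) and spf[0] == "pass" and aligned(spf[1], from_domain, tags["aspf"])
    dkim_ok = bool(dkim) and dkim[0] == "pass" and aligned(dkim[1], from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"] if tags["p"] in ("none", "quarantine", "reject") else "none"

# Constructed record for a hypothetical domain; in reality it is a DNS TXT record
RECORD = "v=DMARC1; p=reject; aspf=s; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # DKIM signed by a subdomain: aligns under the default relaxed adkim
    print(dmarc_disposition(RECORD, "example.com", dkim=("pass", "mail.example.com")))
    # SPF passed for a lookalike domain: no alignment, so the reject policy applies
    print(dmarc_disposition(RECORD, "example.com", spf=("pass", "example-com.net")))
```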
The vendors involved in this business stream discussion – AGARI, Censornet, Fraudwatch and Redsift – handle this in different ways.
For example, Redsift offers a product called OnINBOX which gives users a colour-coded system to tell them if an email is good or suspicious. The RAG (red, amber, green) method is a straightforward way to alert someone if an email isn’t what it seems to be.
“They are all playing in this area in their own way,” said Conway. “What they’re trying to do is give email recipients and senders confidence that they can trust the email that’s coming in.
“We have this cross between helping the user, looking at the inbox and stopping the subliminal because these are confidence tricks. So subliminally it’s intercepting the email, helping the user, helping the organisation and helping to mitigate and minimise the chances of something like that going through.”
As well as data being compromised and the financial hit you’d receive, the other big element of this is the hit to a company’s reputation that such attacks can have. A business’s worth is in its brand and if that gets hit, the whole company suffers.
Speaking about the threats surrounding email security, the lead facilitator for the business stream, Alex Burnham, director IT audit & security at Mazars, mentioned that organisations are under continual attack and that email is one of the primary attack vectors.
“Weak email security and user awareness is one of the easiest ways for cyber criminals to compromise your internal network and install malicious code,” he said. “Most organisations concentrate on protecting inbound emails.
“However, consideration also needs to be given to monitoring and protecting outbound network and email traffic to ensure that the environment is not being used to distribute spam emails, resulting in your organisation being unable to communicate with the outside world due to being blacklisted.
“Think of the impact of that – being unable to send external emails for a period of 24 hours – and what effect that may have on your operations.”
Burnham mentioned that both email gateway security solutions and multi-factor authentication for remote email access still have an important role, but that newer technical solutions like DMARC are becoming increasingly important.
“In addition, ensuring that all an organisation’s staff are consistently kept aware of the current email threats and how to avoid them continues to be an important control in reducing the risk of becoming the victim of a cyber-attack,” he said.
For Conway, the implementation of DMARC is a core part of businesses protecting themselves against BEC scams but, like all areas of cybersecurity, it all comes down to implementing layers.
“Security is a layered approach . . . and ultimately you end up with a more effective level of protection and r
“You won’t end up with 100 per cent protection and if someone really wants to go after you, they’ll go after you in a targeted way. Hence the reason why you have layered approaches for different environments and the more sophisticated and the more risky the environment, the bigger the repercussions and implications a breach has,” he said.
Meet the vendors presenting at BEC
Phishing and business email compromise (BEC) attacks represent a significant, ongoing threat to business. Agari Active Defense™ BEC Threat Intelligence service gives your team the tailored, high-value insights you need to understand threats, optimise defences and reduce risk.
Using active engagement capabilities, the Agari Cyber Intelligence Division (ACID) uncovers and disarms criminals’ tactics and techniques. The result: highly-focused, actionable intel about specific BEC threats targeting your organisation. Agari Phishing Defense protects your employees by preventing these threats from reaching employee inboxes by scoring every message flowing into and within the organisation to defend against these low-volume, highly targeted identity deception based attacks.
With BEC costing business £21 billion and counting, according to the FBI, it’s a problem that’s growing and represents a significant opportunity for a fresh approach. Red Sift provides email-based security solutions that continue to have relevance in today’s market. Initially focused around OnDMARC’s domain-based protection, and stopping spoofing and business email compromise, Red Sift has recently launched OnINBOX, a warning system using machine learning to detect potential threats in every email.
OnINBOX’s role within Red Sift’s 360° Email Protection suite is to provide intelligent email threat detection to end-users by pointing out the risks inside every email. OnINBOX spots social engineering attacks using a number of unique machine-learning models that detect non-technical phishing attacks and warn the end-user.
Although Office 365 offers protection against established threats such as spam, traditional pattern matching technologies are almost entirely useless against modern email attacks.
To help keep organisations safe while using Office 365 for email – and more – Censornet has created Defence365, an ultra-modern, multi-layered email security solution that protects your entire organisation from known, unknown and emerging email security threats, enabling you to stop large-scale phishing, targeted attacks, CEO fraud and malware in their tracks with a comprehensive, cloud email security solution.
Censornet Email Security incorporates multiple technologies to ensure enterprise class threat detection rates with very high accuracy – over and above what single engine solutions can provide. Censornet has collaborated with some of the cloud and security industry’s most prominent thought leaders to bring you expert advice, no matter where you are on your journey to O365.
The cyberthreat landscape is continually evolving, and none more rapidly than phishing attacks. FraudWatch International is focused on disrupting these phishing attacks by finding and removing the site that harvests the personal and financial details of their clients.
FraudWatch accomplishes this by proactively monitoring for phishing activity using its proprietary anti-phishing software and taking down offending content through technical and human interaction with its worldwide network of providers. In addition to its anti-phishing services, it also offers anti-malware, social media and mobile app monitoring, security awareness, DMARC protection and more. Each month, FraudWatch takes down thousands of phishing sites, malware sites, fake domains, social media profiles and fake mobile apps.