All this volatility makes one thing certain – the cyber threat landscape is heating up like never before.
With cyber now an integral theatre in warfare, experts are warning that malicious actors are targeting organisations around the world with increased sophistication.
And it’s not just nation-states that are engaging in offensive cyber activities. Increasingly, we are seeing governments working in concert with criminal syndicates to wreak havoc by overwhelming organisations with cyber-crime.
One reason governments may choose to work alongside criminal syndicates when targeting other countries is that it allows them to cover their tracks and claim plausible deniability.
One result of this unholy alliance between offensive state and non-state actors is that financially motivated attackers can leverage the expertise and computing firepower of governments to exponentially increase the number of organisations they target.
That’s why you cannot afford to be complacent, especially at a time of heightened volatility. Any organisation may be targeted at any time.
When it comes to protecting your organisation from cyber-crime, one attack vector is surging more than any other: Business Email Compromise, or BEC.
In 2020-2021, over 4,600 BEC incidents were reported to the Australian Cyber Security Centre, far outweighing all other attack vectors. Over the same period, only 500 ransomware incidents were reported.
Organisations are far more exposed to a BEC attack than any other type of cyber-attack.
At the same time, the average amount lost to a successful BEC attack has surged to over $50,600 – a whopping 54% increase over the previous year.
What is Business Email Compromise?
In short, financially motivated cyber-criminals hack into an executive’s email account and issue fake payment instructions to accounts payable staff. Attackers can also hack into a supplier’s email account and manipulate the payment details in invoices. When your accounts team processes the invoice, they inadvertently send the funds to a bank account controlled by the attacker.
Why are BEC rates surging?
When processing online banking transactions, Australian banks don’t have the ability to verify that the Account Name you entered corresponds to the BSB/Account Number entered. This verification gap opens up an opportunity for cyber criminals. If they can manipulate the BSB/Account Number, whilst leaving the correct Account Name in place, accounting staff are unlikely to notice that fraudulent activity is taking place right under their noses.
Who is behind BEC attacks?
Foreign criminal syndicates are masterminding this threat. To facilitate their activities, stolen funds are sent to Australian bank accounts controlled by local money mules, who rapidly disperse the proceeds of crime to a range of international bank accounts or convert the funds into cryptocurrency.
How can we prevent BEC attacks?
When it comes to protecting your organisation from BEC, you need to leverage your people, make sure you have the right processes in place and embrace the right technology that can assist you in the fight.
Staff need risk awareness training, so they are equipped to identify a potential attack. Processes and internal controls need to be robust, so supplier banking details can be regularly verified for suspicious anomalies. Technology solutions need to be adopted that will help you automatically identify suspicious outgoing payments.
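One way to apply the supplier-detail check described above to a payment batch before it is released, as an added example (it is not part of the original article and is not Eftsure's product or method). It assumes a hypothetical list of independently verified supplier records and hypothetical field names (`ref`, `payee`, `bsb`, `account`); all sample data is constructed.

```python
import re

def norm_name(name):
    # Case, punctuation and spacing differences must not hide a name match.
    return re.sub(r"[^a-z0-9]+", " ", name.casefold()).strip()

def digits(value):
    # BSBs are often written 000-111; compare digits only, kept as strings
    # so leading zeros survive.
    return re.sub(r"\D", "", value)

def build_index(verified_suppliers):
    """Map normalised supplier name -> set of verified (BSB, account) pairs."""
    index = {}
    for s in verified_suppliers:
        pair = (digits(s["bsb"]), digits(s["account"]))
        index.setdefault(norm_name(s["name"]), set()).add(pair)
    return index

def review_batch(payments, index):
    """Return (ref, status) for each payment to hold for manual verification."""
    findings = []
    for p in payments:
        known = index.get(norm_name(p["payee"]))
        dest = (digits(p["bsb"]), digits(p["account"]))
        if known is None:
            findings.append((p["ref"], "UNVERIFIED_PAYEE"))
        elif dest not in known:
            # The BEC pattern from the article: the Account Name is right,
            # but the BSB/Account Number points somewhere else.
            findings.append((p["ref"], "BANK_DETAILS_MISMATCH"))
    return findings

# Constructed sample data (hypothetical suppliers and account numbers).
VERIFIED = [
    {"name": "Acme Plumbing Pty Ltd", "bsb": "000-111", "account": "12345678"},
    {"name": "Northside Stationery", "bsb": "000-222", "account": "87654321"},
]
BATCH = [
    {"ref": "INV-1001", "payee": "ACME PLUMBING PTY LTD.", "bsb": "000111", "account": "1234 5678"},
    {"ref": "INV-1002", "payee": "Northside Stationery", "bsb": "000-222", "account": "99990000"},
    {"ref": "INV-1003", "payee": "Brightline Consulting", "bsb": "000-333", "account": "55556666"},
]

if __name__ == "__main__":
    for ref, status in review_batch(BATCH, build_index(VERIFIED)):
        print(ref, status)
```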
Eftsure is a unique solution that aggregates banking and corporate data from over 2.5 million Australian organisations, including 85% of active Australian companies. Sitting on top of your accounting processes, Eftsure ensures that you are processing payments to the correct recipient, by verifying that others have paid the same supplier using a matching BSB/Account Number.
This is the most effective and efficient way to mitigate your organisation’s risk of falling victim to BEC. Speak with us today to safeguard your financial assets at this time of heightened volatility and risk.