Intelligent Tech Channels Issue 34 | Page 66

FINAL WORD
Remote working and the pandemic have really increased the threat that we all face and the risk to businesses, and that's why now is the time to pay attention to BEC and EAC attacks.

Which controls can organisations consider implementing to thwart BEC and EAC attacks?

Criminals are leveraging a number of different techniques and tactics to try to trick us, so we can't assume that there is a silver bullet or that there is one control or one technology that's going to solve this problem, because there isn't.

As with anything in security, it's a layered approach: having a process and then of course making sure that our people are aware of the threats that are targeting them and that they 'verify, verify, verify'.

With BEC, one of the things that you need to focus on first of all is the technology: block as much as possible from reaching your people.

Start by authenticating email and your domain. Implement industry authentication standards like DMARC that prevent criminals from spoofing your domain. Tell your suppliers to do the same thing. By having those layers this will ultimately protect the business, its suppliers and customers.

But we also need to educate our users themselves to identify BEC attacks. Show them the real-world examples and educate them on those threats that you've blocked. And embed them in part of your security controls: make it easy for them to report bad emails and reward them for doing so.
How important is a layered approach for preventing these types of attacks?

We need a layered approach to not only prevent BEC attacks but to be able to detect and respond to EAC attacks. For example, if you see that someone is logging in from Venezuela at 2am when they're normally based in London and work 9am to 5pm, you need to be able to remediate that. That's unusual behaviour, potentially a compromised account and someone that we need to investigate. So, you need CASB solutions as well, that can detect those types of attacks.

The technique that the criminals are using will dictate the controls that we implement to ultimately identify and block these threats.
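The Venezuela-at-2am scenario above is a baseline comparison that a CASB or SIEM performs per user. The following added example (not from the interview or any vendor product) runs that check over constructed login records; the user baselines, log lines and fixed UTC offset are constructed assumptions, and a real deployment would use proper timezone data and a learned baseline rather than a hard-coded one.

```python
"""Flag logins outside a user's usual country or working hours.

Added example, not from the interview. Baselines and log lines are
constructed sample data; offsets are fixed for simplicity (a real
deployment would use zoneinfo and DST-aware conversion).
"""
from datetime import datetime, timedelta, timezone

# Constructed baseline: home country, UTC offset in hours, local working hours
BASELINES = {
    "alice": {"country": "GB", "utc_offset": 0, "hours": (9, 17)},
}

# Constructed login events: "timestamp(UTC) user country"
SAMPLE_LOG = """\
2024-03-04T10:15:00Z alice GB
2024-03-05T02:07:00Z alice VE
2024-03-05T23:30:00Z alice GB
"""


def parse_line(line: str) -> tuple[datetime, str, str]:
    """Parse one log line into (aware UTC datetime, user, country)."""
    ts, user, country = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), user, country


def login_findings(ts: datetime, user: str, country: str) -> list[str]:
    """Compare one login against the user's baseline; empty list means normal."""
    base = BASELINES.get(user)
    if base is None:
        return ["no baseline for user"]
    findings = []
    if country != base["country"]:
        findings.append(f"login from {country}, expected {base['country']}")
    local = ts.astimezone(timezone(timedelta(hours=base["utc_offset"])))
    start, end = base["hours"]
    # Outside 9-17 local or on a weekend counts as off-hours
    if not (start <= local.hour < end) or local.weekday() >= 5:
        findings.append(f"login at {local:%a %H:%M} local, outside working hours")
    return findings


def suspicious_logins(log: str) -> list[tuple[str, list[str]]]:
    """Return (log line, findings) for every login that needs investigation."""
    results = []
    for line in log.splitlines():
        if line.strip():
            ts, user, country = parse_line(line)
            findings = login_findings(ts, user, country)
            if findings:
                results.append((line, findings))
    return results
```

Each flagged line is a candidate for the remediation step the answer describes: forcing re-authentication and reviewing the account rather than treating the login as a one-off.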
How far do technology and education align to prevent these types of attack and should CIOs and CISOs prioritise one over the other?

Now that our people are working remotely, we can't rely solely on network firewalls, IPS solutions or the layers we've put in the data centre, because we've outsourced that data centre. Our people are our new perimeter.

It's critical to train employees and ensure they're aware that they're under attack and to show them the actual threats that we block that are targeting them.

But I don't think it's either or; it's both working in tandem. You want to make it easy for employees to alert you by pressing a simple button in Outlook which automatically sends the email to the SOC team.

They analyse that email using technology, sandbox the email to determine whether it is bad. They send an alert back to the employee.

Then they use technology to find those emails in other employees' inboxes and pull those out automatically. That's people, your employees, technology, the automation and sandboxing, working together to protect the organisation.
How can organisations instil confidence in their employees to ensure that these incidents are reported?

In the past we had a tendency to shame the individual, even with the simulated phishing attacks that we send out to raise awareness.

We can't victim blame or shame the individual (unless of course there is repeated behaviour); we need to make them feel safe. They are ultimately victims and we need to make it easy for them to report and reward them when they do identify a bad email.

There's also gamification that you can bring into this to make it much more interesting and engage your employees.
What advice would you give those wishing to bolster their email defences?

Fundamentally, organisations need to focus on implementing a people-centric security programme. Your people are the new perimeter, at the core of cyberdefences, and they are under attack by cybercriminals.

It's important for CISOs and CIOs, and all security professionals, to understand the business as well as the criminals do. Understand who your very attacked people are: who's being targeted with what, who's getting credential phishing, who's getting malware, who's getting those Business Email Compromise attacks and whose credentials are compromised.

Because based on that visibility into your very attacked people you can then build a security programme that's tailored to your business and the threat profile of your users. It's not generic at all but is highly effective because it's based on the risks that you face.

Protect your business, protect your suppliers, protect your employees and ultimately, by doing that, you're protecting your data as well.