Business Email Compromise (BEC) is a type of phishing-related fraud with far-reaching consequences. Not only can BEC attacks hurt your business, companies you work with can be damaged as well. BEC threats are hard to detect and mitigate, given the a byzantine structure of the attack.
Here are 10 statistics that demonstrate the increasing risk of BEC attacks, along with 5 solutions that reduce the chance of your business becoming a victim.
10 BEC Statistics
1Business email compromise rose by 14% overall in 2020 and up to 80% in some sectors
265% of organizations faced BEC attacks in 2020
3In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
4The energy and infrastructure sector topped the 2020 list with 93% of attacks
560% of the information on the dark web could potentially damage businesses
6In 2020, 80% of firms experienced an increase in cyberattacks
762% of BEC scams involve the cybercriminal asking for gift or money cards.
8The most common type of BEC scam is invoice or payment fraud
9Payment/invoice/billing scams skyrocketed by 155%, in 2020
10The average amount requested in wire transfer-based BEC attacks nearly doubled to $75,000 in the fourth quarter.
Protecting Against BEC Attacks
The most effective way to prevent business email compromise attacks is a strong, multifaceted defense against the primary delivery system: phishing email. Here are 5 solutions that help you mitigate threats and the risk of successful cyber attacks.
1 Phishing Resistance Training
An absolute must-have for any organization in today’s tumultuous world is a strong cybersecurity culture. Too many employees are still clicking on dangerous messages. Strengthen your security culture and reduce your risk of suffering email-based cyberattacks by up to 70%.
2 Advanced Threat Protection
Go beyond attack profiles and blacklist lookups. Take advantage of next-gen protections that assess content and context, leverage machine learning, and analyze the behavior of links and attachments.
3 DNS / Web Protection
Secure your DNS traffic to help prevent cyber attacks that spoof or use your identity. Block known, dangerous web sites. Block malicious web content and downloads, even from trusted sites that have been hacked.
4 Identity Access Management
Secure your user identities over time with a comprehensive approach. Include multi-factor authentication, password vaults, and single-sign on for your best protection.
5 Dark Web Monitoring
Your team probably uses their work email address (identity) to log into third party services. Breaches in these services put your business at risk. Monitor you domain for potential breaches so you can take action before you become a victim.