Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well…and having a material impact.
New data from Arctic Wolf’s 2024 State of Cybersecurity report shows that BEC attacks – whether attempted or successful – are far more widely felt than previously thought. Just recently, I wrote about how a little more than a third of attacks are BEC, but the Arctic Wold report shows a much broader presence of these attacks.
According to the report, 70% of organizations have experienced a BEC attack, with the breakdown of organizations as follows:
- 21% prevented the attempt
- 20% suffered the BEC attempt as part of a larger attack
- 29% were victims of one or more isolated BEC incidents
It’s interesting to also note that Arctic Wolf – who provide response services to their customers who have suffered an attack – saw nearly one-third (29.7%) of their incident response engagements involve BEC attacks.
And these kinds of attacks can rival, if not outshine, the dollar amounts associated with ransomware attacks. I recently covered a BEC attack that had the potential to see $130 million sent to a threat actor-controlled bank account. With average ransom payments hovering in the realm of “hundreds of thousands,” BEC’s potential for millions in losses is material and noteworthy by organizations intent on thwarting such attacks.
New-school security awareness training is critical to teach employees – particularly those whose jobs involve the use of company funds – how to spot and mitigate scams before money is lost.