Behind every business is a group of individual employees. And in most cases, and in most companies, these individuals use work and even personal email accounts to conduct business.
This one fact alone makes them prime targets for bad actors and scammers.
Digital fraud is becoming increasingly sophisticated due to the democratized use of artificial intelligence (AI) and the increasing industrialization of the fraud sector by organized crime groups, or “fraud factories,” but business email compromise (BEC) attacks Traditional social engineering techniques such as malware and malware are also on the rise. In today’s situation, injections remain an important risk to protect against.
According to the latest FBI Internet Crimes (IC3) report, BEC attacks in the United States last year resulted in an adjusted annual loss of $2.9 billion and resulted in more than 21,000 complaints to the FBI. Meanwhile, adjusted losses from malware attacks over the same period amounted to more than $59.6 million.
And reports show that many malware and BEC incidents tend to go unreported.
Especially for small and medium-sized businesses (SMBs) with moderate or no cybersecurity plans, BEC attacks and malware scams can be some of the most economically damaging online crimes.
After all, the prevalence of corporate devices and accounts makes them attractive targets for malicious attackers who deploy “spray-and-pray” approaches to compromise an organization’s defenses. . By infecting a single device, cybercriminals can frequently gain access to all accounts and wreak havoc from within a company’s walls.
read more: Commercial bank fraud surges as criminals target high-value transactions
Cybercriminals are flocking to corporate inboxes
Fortunately, the situation is not hopeless. By adopting tactics such as implementing robust cybersecurity software, securing networks and devices, educating employees, implementing multi-factor authentication, and establishing clear communication protocols to verify sensitive transactions, small businesses can , you can take steps to protect yourself from malware and BEC scams.
“Social engineering attacks have always existed, but with the advent of AI, it has become far more possible to create bots that can have trustworthy conversations with victims and persuade many victims at the same time to share their credentials, send money, or send money. It’s easier. You do other things that you wouldn’t normally do,” Maciej Pitucha, vice president of product and data at Mangopay, told PYMNTS.
“The answer is usually data… Building a successful anti-fraud solution requires a lot of data and a lot of expertise,” Pitucha added.
Earlier this year (February 26), the National Institute of Standards and Technology (NIST) published the Cybersecurity Framework (CSF) 2.0: Small Business Quick Start Guide. This guide details five key pillars that businesses should adhere to when managing cybersecurity risks. .
Identify, protect, detect, respond and recover. And supporting the five pillars is the central core of effective cyber governance.
According to the NIST framework, small businesses should ask themselves three important questions to build a cyber governance program. The first is how often do leaders revisit their existing cybersecurity strategies as their businesses grow? Next, NIST recommends that companies conduct a self-assessment to identify whether they need to upskill existing staff, hire talent, or engage external partners. Third, agencies are emphasizing the importance of educating employees about both internal policies and the broader threat landscape.
read more: Extend effective cyber hygiene across your business
Combining employee education with robust protection
As many risk management leaders PYMNTS spoke to emphasized, the first line of defense for today’s enterprises is their employees, and they are becoming increasingly aware of next-generation attack tactics and best practices for countering them. Personal education is more important than ever. .
“Post-mortem reports help you understand what your business continuity plan was and where it went wrong. If you lack hygiene, it will show up in your report. That’s why we do red team exercises and mock events. It’s very important that we do that,” Matanda Doss, executive director and principal information security manager for commercial banking at JPMorgan, told PYMNTS in December.
Along with a continued focus on handling sensitive data responsibly, it’s important to establish employee training programs on phishing awareness, password security, and social engineering.
In a separate conversation in December, Rosa Ramos Kwok, JPMorgan’s managing director and head of commercial banking business information security, said, “My first concern is to “It’s about good cyber hygiene,” he told PYMNTS.
PYMNTS Intelligence found that 82% of e-commerce sellers experienced a cyber or data breach in the last year. 47% say they lost both revenue and customers due to a breach.
