BEC (Business Email Compromise) attacks are becoming increasingly common, but they are a form of cyber-criminal activity that few people know about. A BEC attack is a type of phishing attack in which a cyber-criminal pretends to be a company executive in an attempt to coerce an employee into providing sensitive data. An email address is set up to look legitimate, so the employee who is contacted will simply assume that they are interacting with a superior.
It might not sound like a huge risk, but the complications of a successful BEC attack can be disastrous.
The Financial Cost of BEC
When cyber-criminals conduct a BEC attack, they will generally be looking to make money quickly before the deception is uncovered. For example, they could send an invoice to your accounting team with their own payment details. An employee may then make the payment, assuming it came from a legitimate source. Such deceptions have been extremely lucrative. The FBI reported 40,203 worldwide incidents between October 2013 and December 2016 – the total exposed dollar loss came in at a cool $5,302,890,448. Crunching the numbers shows an average per-incident cost just shy of $132,000 (£100,678).
How BEC Costs Add Up
It isn’t just the amount of money taken by the cyber-criminal that makes up the costs associated with BEC attacks. You’ll also suffer from:
- Downtime: After a successful BEC attack, you’re going to need to commit to disaster recovery, going through emails to make sure nobody else is compromised.
- Loss of Trust: If you need to explain to your clients that you have been the victim of a BEC attack, they may be less eager to do business with you in the future, since your security measures will hardly appear robust.
- Data Loss: Anyone who has looked into the nitty-gritty of the upcoming General Data Protection Regulation (GDPR) understands that compromising data could soon come with hefty fines. If a BEC attack saw data as well as money lost, you could be facing those fines.
BEC attacks might not seem like something to worry about, but they do happen. When they strike, they have the potential to be fatal, so you should speak to an IT security provider to make sure you’re protected.