Arctic Wolf: BEC Now Top Method of Cyber Attack on Business

A new study has revealed that Business Email Compromise attacks are now the primary method used by cybercriminals to target organisations.

A new study has revealed that Business Email Compromise (BEC) attacks are now the primary method used by cybercriminals to target organisations.

Cybersecurity company Arctic Wolf's 2024 Trends Report saw an alarming 70% of businesses worldwide were targets of attempted BEC attacks in the last year alone. Almost a third (29%) of these targets becoming victims of one or more successful BEC occurrences.

The report, based on a survey of over 1,000 senior IT and cybersecurity decision-makers across 15 countries, provides insights into the current and evolving cyber threat landscape.

BEC basics

BEC, also known as Email Account Compromise, is a sophisticated scam that exploits the legitimate email accounts. 

Often lumped together in the same breath as ransomware, BEC attacks involve social engineering tactics where cybercriminals gain unauthorised access to legitimate business email accounts and impersonate executives or employees to trick victims into transferring funds or sensitive data.

A 2024 Avast report sheds highlighted how effective these more rudimentary methods of attack can be, revealing that a staggering 90% of cyberthreats currently rely social engineering 

The rise of BEC attacks highlights the growing focus on exploiting human vulnerabilities rather than just technical flaws. Unlike automated malware campaigns, BEC scams are highly targeted and often involve meticulous research into the company's operations, personnel, and communication styles.  

While BEC may be the top attack vector currently, the report also underscores the persistent threat of ransomware, with 45% of respondents claiming their organisation suffered a ransomware attack in the previous year. Alarmingly, the majority (86%) of these attacks involved successful data exfiltration, compounding the potential damage.

The trend of increasing cyber attacks, including ransomware, aligns with previous studies on the issue. A 2023 report by Akamai and Vanson Bourne revealed that ransomware attacks have doubled over the past two years, with organisations experiencing an average of 86 such attacks in the last 12 months, up from 43 two years prior.  

Cyber threats accelerating

Experts warn that as cyber threats continue to evolve, organisations must remain vigilant and prioritise robust security measures. BEC attacks, in particular, require a heightened awareness of social engineering tactics and employee training to identify potential scams.  

This surge in attacks has driven a significant rise in the adoption of cyber insurance as a risk management strategy. The Arctic Wolf report found that 66% of organisations have an active cyber insurance policy, while another 29% are in the process of obtaining one. The study highlighted only an exceedingly small fraction (5%) of organisations now decide not to acquire coverage. 

“This year’s insights highlight the increasing sophistication of threat actors and the realities of cyber incidents for organisations all around the world. Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, Vice President, Managed Detection and Response (MDR), Arctic Wolf.

“While we are encouraged by the increased adoption of cyber insurance and incident response readiness programs, it is clear that there is still work to be done to overcome perennial challenges for cybersecurity leaders, including the increased financial and productivity losses due to ransomware.”

Moreover, with the rise of generative AI and large language models, 94% of organisations surveyed either have or plan to implement policies governing the use of these technologies, recognising the potential risks they pose.

As the digital landscape becomes increasingly complex, addressing vulnerabilities across networks, devices, and human factors has become paramount for organisations seeking to safeguard their operations and data. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

SolarWinds: IT Staff Dubious on Organisation's AI Readiness

A recent trends report by SolarWinds reveals that very few IT professionals are confident in their organisation's readiness to integrate AI

Is Stress a Driving Force Behind the Cyber Skills Shortage?

A SenseOn study has showed 95% of IT leaders in the UK and Ireland say stress impacts their ability to retain staff

Rapid7 AI Engine Update Sees Gen AI Supporting SOC With MDR

Rapid7's enhanced AI Engine will now use machine learning models and new Gen AI models to separate real attacks from false alarms

Google Securing WFH with Zscaler and Netskope Partnership

Network Security

Why Have Cybersecurity Budgets Soared for TMT Companies?

Operational Security

Mandiant's Analysis Unveils Cause of Snowflake Data Theft

Operational Security