Arctic Wolf: BEC Now Top Method of Cyber Attack on Business
A new study has revealed that Business Email Compromise (BEC) attacks are now the primary method used by cybercriminals to target organisations.
Cybersecurity company Arctic Wolf's 2024 Trends Report saw an alarming 70% of businesses worldwide were targets of attempted BEC attacks in the last year alone. Almost a third (29%) of these targets becoming victims of one or more successful BEC occurrences.
The report, based on a survey of over 1,000 senior IT and cybersecurity decision-makers across 15 countries, provides insights into the current and evolving cyber threat landscape.
BEC basics
BEC, also known as Email Account Compromise, is a sophisticated scam that exploits the legitimate email accounts.
Often lumped together in the same breath as ransomware, BEC attacks involve social engineering tactics where cybercriminals gain unauthorised access to legitimate business email accounts and impersonate executives or employees to trick victims into transferring funds or sensitive data.
A 2024 Avast report sheds highlighted how effective these more rudimentary methods of attack can be, revealing that a staggering 90% of cyberthreats currently rely social engineering
The rise of BEC attacks highlights the growing focus on exploiting human vulnerabilities rather than just technical flaws. Unlike automated malware campaigns, BEC scams are highly targeted and often involve meticulous research into the company's operations, personnel, and communication styles.
While BEC may be the top attack vector currently, the report also underscores the persistent threat of ransomware, with 45% of respondents claiming their organisation suffered a ransomware attack in the previous year. Alarmingly, the majority (86%) of these attacks involved successful data exfiltration, compounding the potential damage.
The trend of increasing cyber attacks, including ransomware, aligns with previous studies on the issue. A 2023 report by Akamai and Vanson Bourne revealed that ransomware attacks have doubled over the past two years, with organisations experiencing an average of 86 such attacks in the last 12 months, up from 43 two years prior.
Cyber threats accelerating
Experts warn that as cyber threats continue to evolve, organisations must remain vigilant and prioritise robust security measures. BEC attacks, in particular, require a heightened awareness of social engineering tactics and employee training to identify potential scams.
This surge in attacks has driven a significant rise in the adoption of cyber insurance as a risk management strategy. The Arctic Wolf report found that 66% of organisations have an active cyber insurance policy, while another 29% are in the process of obtaining one. The study highlighted only an exceedingly small fraction (5%) of organisations now decide not to acquire coverage.
“This year’s insights highlight the increasing sophistication of threat actors and the realities of cyber incidents for organisations all around the world. Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, Vice President, Managed Detection and Response (MDR), Arctic Wolf.
“While we are encouraged by the increased adoption of cyber insurance and incident response readiness programs, it is clear that there is still work to be done to overcome perennial challenges for cybersecurity leaders, including the increased financial and productivity losses due to ransomware.”
Moreover, with the rise of generative AI and large language models, 94% of organisations surveyed either have or plan to implement policies governing the use of these technologies, recognising the potential risks they pose.
As the digital landscape becomes increasingly complex, addressing vulnerabilities across networks, devices, and human factors has become paramount for organisations seeking to safeguard their operations and data.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
- Resurgence of Spam: Cisco Talos Sound Alarm on New TacticsHacking & Malware
- Orange Cyberdefense's Wicus Ross Talks Cyber Extortion TrendHacking & Malware
- I-GRIP: INTERPOL's Mechanism that Stopped a $42m BEC FraudTechnology & AI
- Hitachi Vantara: How to Secure Data in Age of AI RansomwareHacking & Malware