Arctic Wolf: BEC Now Top Method of Cyber Attack on Business

BEC or Email Account Compromise is a sophisticated scam that exploits the legitimate email accounts
A new study has revealed that Business Email Compromise attacks are now the primary method used by cybercriminals to target organisations.

A new study has revealed that Business Email Compromise (BEC) attacks are now the primary method used by cybercriminals to target organisations.

Cybersecurity company Arctic Wolf's 2024 Trends Report saw an alarming 70% of businesses worldwide were targets of attempted BEC attacks in the last year alone. Almost a third (29%) of these targets becoming victims of one or more successful BEC occurrences.

The report, based on a survey of over 1,000 senior IT and cybersecurity decision-makers across 15 countries, provides insights into the current and evolving cyber threat landscape.

BEC basics

BEC, also known as Email Account Compromise, is a sophisticated scam that exploits the legitimate email accounts. 

Often lumped together in the same breath as ransomware, BEC attacks involve social engineering tactics where cybercriminals gain unauthorised access to legitimate business email accounts and impersonate executives or employees to trick victims into transferring funds or sensitive data.

A 2024 Avast report sheds highlighted how effective these more rudimentary methods of attack can be, revealing that a staggering 90% of cyberthreats currently rely social engineering 

The rise of BEC attacks highlights the growing focus on exploiting human vulnerabilities rather than just technical flaws. Unlike automated malware campaigns, BEC scams are highly targeted and often involve meticulous research into the company's operations, personnel, and communication styles.  

While BEC may be the top attack vector currently, the report also underscores the persistent threat of ransomware, with 45% of respondents claiming their organisation suffered a ransomware attack in the previous year. Alarmingly, the majority (86%) of these attacks involved successful data exfiltration, compounding the potential damage.

The trend of increasing cyber attacks, including ransomware, aligns with previous studies on the issue. A 2023 report by Akamai and Vanson Bourne revealed that ransomware attacks have doubled over the past two years, with organisations experiencing an average of 86 such attacks in the last 12 months, up from 43 two years prior.  

Youtube Placeholder

Cyber threats accelerating

Experts warn that as cyber threats continue to evolve, organisations must remain vigilant and prioritise robust security measures. BEC attacks, in particular, require a heightened awareness of social engineering tactics and employee training to identify potential scams.  

This surge in attacks has driven a significant rise in the adoption of cyber insurance as a risk management strategy. The Arctic Wolf report found that 66% of organisations have an active cyber insurance policy, while another 29% are in the process of obtaining one. The study highlighted only an exceedingly small fraction (5%) of organisations now decide not to acquire coverage. 

“This year’s insights highlight the increasing sophistication of threat actors and the realities of cyber incidents for organisations all around the world. Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, Vice President, Managed Detection and Response (MDR), Arctic Wolf.

“While we are encouraged by the increased adoption of cyber insurance and incident response readiness programs, it is clear that there is still work to be done to overcome perennial challenges for cybersecurity leaders, including the increased financial and productivity losses due to ransomware.”

Moreover, with the rise of generative AI and large language models, 94% of organisations surveyed either have or plan to implement policies governing the use of these technologies, recognising the potential risks they pose.

As the digital landscape becomes increasingly complex, addressing vulnerabilities across networks, devices, and human factors has become paramount for organisations seeking to safeguard their operations and data. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

How Insurance is Driving Motivation for Better Cybersecurity

A Sophos survey highlighted how insurance seems to be a driving factor for companies to improve their cyber defences

Microsoft Giving Cybersecurity Boost to Rural US Hospitals

Microsoft is giving rural hospitals a hand to help them get their cybersecurity up to snuff to keep them running amid the rising attacks on healthcare

Outpost24 Webinar to Show How CTEM Can Enhance Cybersecurity

Outpost24's webinar will provide actionable insights for attendees looking to implement Continuous Threat Exposure Management into their security strategy

Why Cato Networks' MSASE Gives Channel Partners Vendor Power

Cyber Security

ManageEngine’s Arun Kumar Talks the Threat of Mobile Malware

Hacking & Malware

SpiceRAT: Cisco Talos Sound Alarm Over New Trojan

Hacking & Malware