Arctic Wolf: BEC Now Top Method of Cyber Attack on Business

A new study has revealed that Business Email Compromise (BEC) attacks are now the primary method used by cybercriminals to target organisations.

Cybersecurity company Arctic Wolf's 2024 Trends Report found that an alarming 70% of businesses worldwide were targets of attempted BEC attacks in the last year alone, with almost a third (29%) of these targets becoming victims of one or more successful BEC occurrences.

The report, based on a survey of over 1,000 senior IT and cybersecurity decision-makers across 15 countries, provides insights into the current and evolving cyber threat landscape.

BEC basics

BEC, also known as Email Account Compromise, is a sophisticated scam that exploits legitimate email accounts.

Often lumped together in the same breath as ransomware, BEC attacks involve social engineering tactics where cybercriminals gain unauthorised access to legitimate business email accounts and impersonate executives or employees to trick victims into transferring funds or sensitive data.

A 2024 Avast report highlighted how effective these more rudimentary methods of attack can be, revealing that a staggering 90% of cyberthreats currently rely on social engineering.

The rise of BEC attacks highlights the growing focus on exploiting human vulnerabilities rather than just technical flaws. Unlike automated malware campaigns, BEC scams are highly targeted and often involve meticulous research into the company's operations, personnel, and communication styles.  

While BEC may be the top attack vector currently, the report also underscores the persistent threat of ransomware, with 45% of respondents claiming their organisation suffered a ransomware attack in the previous year. Alarmingly, the majority (86%) of these attacks involved successful data exfiltration, compounding the potential damage.

The trend of increasing cyber attacks, including ransomware, aligns with previous studies on the issue. A 2023 report by Akamai and Vanson Bourne revealed that ransomware attacks have doubled over the past two years, with organisations experiencing an average of 86 such attacks in the last 12 months, up from 43 two years prior.  

Cyber threats accelerating

Experts warn that as cyber threats continue to evolve, organisations must remain vigilant and prioritise robust security measures. BEC attacks, in particular, require a heightened awareness of social engineering tactics and employee training to identify potential scams.  

This surge in attacks has driven a significant rise in the adoption of cyber insurance as a risk management strategy. The Arctic Wolf report found that 66% of organisations have an active cyber insurance policy, while another 29% are in the process of obtaining one. The study highlighted that only an exceedingly small fraction (5%) of organisations now decide not to acquire coverage.

“This year’s insights highlight the increasing sophistication of threat actors and the realities of cyber incidents for organisations all around the world. Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, Vice President, Managed Detection and Response (MDR), Arctic Wolf.

“While we are encouraged by the increased adoption of cyber insurance and incident response readiness programs, it is clear that there is still work to be done to overcome perennial challenges for cybersecurity leaders, including the increased financial and productivity losses due to ransomware.”

Moreover, with the rise of generative AI and large language models, 94% of organisations surveyed either have or plan to implement policies governing the use of these technologies, recognising the potential risks they pose.

As the digital landscape becomes increasingly complex, addressing vulnerabilities across networks, devices, and human factors has become paramount for organisations seeking to safeguard their operations and data. 

Cyber Magazine is a BizClik brand
