FBI reports for 2019 show BEC (Business email compromise) attacks generating far better returns for cyber criminals than ransomware.
BEC attacks do not require the same level of technology or human resource as do ransomware attacks, nor do they generate the same level of impact or headline-grabbing attention.
Organisations that suffer losses may, or may not, bother reporting the crime and the chances of the crime being followed up – let alone there being a successful prosecution – are very, very low.
If you’re a criminal, what’s not to like about BEC attacks?
The good news is that, for legitimate businesses, BEC attacks are also very easy to guard against: you need robust procedures around authentication of online money transfer requests, of changes of payee address details, and of payment release authorisations.
Process controls, combined with good staff training, will keep most organisations safe.