| |

Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

In an article from KnowB4, there is new data that highlights just how dangerous business email attacks really are. The following is the complete article with helpful links.

“Business Email Compromise (BEC) attacks often don’t get the press they require; these attacks utilize a heavy dose of social engineering to spoof company email accounts and impersonate individuals within an organization.  And it’s the simplicity of the attack that makes it seemingly uneventful and lack excitement… that is, until you realize the majority of organizations are experiencing it.

This is the detail we learn quickly when reading Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report – 70% of organizations reported being the target of a BEC attack within the last 12 months. The breakdown of this 70% is equally interesting:

  • 21% of organizations detected and stopped the attack
  • 29% were victims of “one or more successful isolated BEC occurrences”
  • 20% fell victim to at least one BEC attack “as part of a larger compromise”

It’s also important to note that, according to Arctic Wolf, BEC attacks made up 29.7% of their incident response engagements in 2023, second only to ransomware attacks.

I want to go back to that “part of a larger compromise” statement from the report. That added clarification really got my attention; BEC attacks are rarely the actual attack – they are the staging for fraud, island hopping, credit card/gift card scams, and more. And that’s why BEC needs more attention.

All of this new data should come as no surprise, as we’ve already seen massive increases in BEC attacks attributed to the improvements in malicious use of generative AI.

And while phishing seems to receive the lion’s share of attention in the news, BEC is extremely damaging to its’ victims – to the tune of $2.4 Billion last year – making it imperative that all employees be educated, through security awareness training, to look for and spot impersonation within email to grow that 21% of organizations that stopped a BEC attack before it could do any harm.”

Pregnancy centers are not immune to business email compromise attacks. It is important that your organization remains vigilant. There are many types of cyber attacks, so it is important to keep your staff and volunteers informed by implementing Security Awareness Training.

Leave a Reply