Page 101 - Cyber Defense eMagazine March 2024
P. 101
What Individuals Get Wrong About Business
Email Compromise
Businesses tend to obsess over business email compromise. This obsession is misguided.
Observations from the front lines of combating business email compromise at the SMB scale and
what we should focus on instead.
By Matt Kiely, Principal Security Researcher at Huntress
The security community tends to obsess over business email compromise (BEC) attacks. This obsession
is misguided and BEC should not be getting so much attention. Instead, security companies should be
focusing on more constructive topics.
As a principal cybersecurity researcher, I bear the shield and fight off cybercrime that would otherwise
target and destroy the small to medium sized companies globally and the managed service providers
that protect them. Most of these businesses wouldn’t survive a ransomware or BEC attack. According to
the FBI, business email compromise amongst smaller companies is now a $50B issue that is crushing
their dreams. These are the construction companies, barber shops, bakeries and 1-off retail stores who
would be devastated if they were ransomed for $500,000 or if massive funds disappeared from their
banking account as a result of a fraudulent wire transfer. The stakes are high.
The point is that these attacks are worth businesses’ attention and SMBs need to be defended.
Cyber Defense eMagazine – March 2024 Edition 101
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.