Financial | Whit Little| May 31, 2024
The average cost of BEC attacks filed last year was $135,000, according to the FBI’s Internet Crime Complaint Center (IC3) 2023 Internet Crime Report
Business Email Compromise (BEC) is a serious threat to the manufacturing industry, as it can result in financial losses, data breaches, and reputational damage. Here’s how BEC works and its impact on manufacturing:
Definition: BEC is a type of cyberattack where criminals use social engineering and email spoofing to impersonate employees, executives, or business partners to trick employees into transferring money, revealing sensitive information, or performing unauthorized actions.
Methods: Attackers often conduct reconnaissance to gather information about the target company and its employees. They may then craft convincing emails that appear to be from trusted sources, such as CEOs or vendors, requesting urgent actions like wire transfers, changes to payment information, or sharing of confidential data.
Impact on Manufacturing:
- Financial Losses: BEC attacks can lead to significant financial losses for manufacturing companies. Fraudulent wire transfers or payments to attackers can result in direct monetary losses, affecting the company’s bottom line.
- Disruption of Operations: If critical systems or processes are compromised due to BEC attacks, manufacturing operations can be disrupted, leading to production delays, missed deadlines, and increased downtime.
- Intellectual Property Theft: Manufacturing companies often possess valuable intellectual property, including proprietary designs, manufacturing processes, and trade secrets. BEC attacks can result in the theft of this intellectual property, leading to loss of competitive advantage and potential legal ramifications.
- Reputational Damage: Falling victim to a BEC attack can damage a manufacturing company’s reputation. Customers, partners, and stakeholders may lose trust in the organization’s ability to protect sensitive information and conduct secure transactions, leading to long-term damage to brand image and credibility.
Prevention and Mitigation:
- Employee Training: Providing regular cybersecurity awareness training to employees can help them recognize phishing attempts and suspicious emails.
- Implementing Email Authentication: Deploying email authentication protocols such as SPF, DKIM, and DMARC can help detect and prevent email spoofing and impersonation.
- Verification Procedures: Establishing clear verification procedures for financial transactions and sensitive requests, such as requiring dual authorization or confirmation through alternate communication channels. Do not rely solely on email, make phone calls to known good contacts to verify changes to bank accounts. In addition, consider adding a pre-note authorization where a small two-digit amount (less than $1.00 in cents) is transferred, then have the receiving party verbally verify the amount of the transfer to ensure the correct bank account is being used.
- Cybersecurity Tools: Investing in robust offensive and defensive cybersecurity solutions, including email security gateways, endpoint protection, and threat intelligence platforms, can help detect and mitigate BEC attacks before they cause significant harm. Consistent employee training and scheduled penetration testing should also be considered.
By understanding the threat posed by BEC attacks and implementing appropriate offensive and preventive measures, manufacturing companies can better protect themselves against the risks including financial loss in this evolving cyber threat landscape.