by Jon Lober | NOC Technology
Cybercrime was on the rise before COVID-19, but the remote work transition provoked by the pandemic pushed cyberattack rates to unforeseen heights. According to Moody’s Analytics 2023 Cyber Survey, since 2019, companies have increased their average spending on cybersecurity by 70% to keep up with the increasing attacks.
Recent headlines emphasize that no organization is safe from attack. Companies of all sizes are paying a heavy price. In the last month, corporate giants like MGM Resorts, Campbell Soup, and Johnson and Johnson have lost more than $100 million collectively as a result of cyberattacks, despite their nearly limitless security resources. On the other end of the spectrum, local school districts, small businesses, and non-profits across the country are being relentlessly pounded by phishing attacks and business email compromise schemes. In Missouri, the MOVEit breach recently penetrated the University of Missouri and the state’s Medicaid system.
According to the FBI’s most current Internet Crime Complaint Center Report, Missourians lost more than $118 million to cybercriminals last year. Business email compromise (BEC) has proven to be one of the fraudsters’ most effective methods, costing Missouri businesses $49.1 million in 2022. Although most people think of advanced coding and technology when they think of hacking, BEC attacks fall into a low-tech category of cybercrime known as “social engineering.” Such attacks rely less on technical wizardry than they do on a breakdown in the weakest link of every cybersecurity system—the human at the keyboard.
In a typical BEC attack, a fraudster impersonates a trustworthy business associate of the target. Using a falsified or hijacked email account, the criminal pretends to be a vendor, supplier, or coworker of the victim and requests that a payment be made (often through ACH deposit) to a new banking account. Professional attackers may even go as far as falsifying PDF invoices to request these deposits. If a hacker has acquired access to an email account within the targeted business, they can observe and research normal payment practices and schedules in order to align the timing of their attacks with the business’s standard practices.
Many hackers have successfully swindled companies out of enormous sums with simple follow-up emails. Moments after a legitimate vendor sends an email requesting payment, the fraudster will send a follow-up email from a spoofed account, claiming to have sent the wrong account information in the previous email. The more plausible the timing and context surrounding a payment request, the more likely a company is to unthinkingly approve a payment to a hacker.
Unfortunately, small businesses are not the only organizations at risk. Local school districts are becoming an increasingly popular target for online scammers. A BEC attack devastated a small local school district in Washington state earlier this year, defrauding it of more than $300,000.
Although these attacks can be difficult to detect and prevent, a well-prepared business can drastically reduce its risk through a variety of methods: correct email configurations, simulated attacks, penetration testing, ongoing employee awareness training, and advanced inbox security software. Since many small businesses lack in-house cybersecurity expertise, the most effective and economical solution for them is to contract a managed service provider (MSP) with cybersecurity experience.
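The follow-up-email pattern described above lends itself to a simple mail-triage check. The sketch below is an added example, not code from NOC Technology or any inbox security product; the function names, the 24-hour window, the keyword pattern, and the sample message are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed policy values for illustration; tune them to your own payment process.
FOLLOW_UP_WINDOW = timedelta(hours=24)
BANK_CHANGE = re.compile(
    r"\b(new|updated|corrected|wrong)\b.{0,60}\b(account|bank|routing|ACH)\b", re.I | re.S)

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()  # domain part only

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss vendor domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_follow_up_flags(raw, vendor_domains, last_vendor_mail):
    """Return the reasons a message should be held for out-of-band verification."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    flags = []
    if sender not in vendor_domains and any(
            edit_distance(sender, d) <= 2 for d in vendor_domains):
        flags.append("lookalike-sender-domain")
    if domain_of(msg.get("Reply-To", msg["From"])) != sender:
        flags.append("reply-to-mismatch")
    if BANK_CHANGE.search(f"{msg.get('Subject', '')}\n{msg.get_payload()}"):
        flags.append("bank-detail-change")
    sent = parsedate_to_datetime(msg["Date"])
    if timedelta(0) <= sent - last_vendor_mail <= FOLLOW_UP_WINDOW:
        flags.append("follows-recent-vendor-mail")
    return flags

# Constructed sample: a "correction" sent minutes after a real vendor invoice.
SAMPLE = (
    "From: Acme Billing <billing@acrne-supply.example>\n"
    "Date: Tue, 03 Oct 2023 10:12:00 +0000\n"
    "Subject: Re: Invoice 1042 - corrected details\n\n"
    "Our previous email listed the wrong account information.\n"
    "Please send the ACH payment to the new bank account below.\n")
LAST_VENDOR_MAIL = datetime(2023, 10, 3, 10, 5, tzinfo=timezone.utc)
print(bec_follow_up_flags(SAMPLE, {"acme-supply.example"}, LAST_VENDOR_MAIL))
```

Any flagged message should trigger a call to the vendor on a phone number already on file before banking details are changed. A message that forges the vendor's exact domain will not trip the lookalike check; that case is what sender authentication (SPF, DKIM, DMARC) is meant to address.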
As an MSP providing cybersecurity support to small businesses across Missouri, we have seen anti-phishing support become one of our top services. Every day, we prepare and support dozens of businesses across the state to mitigate and avoid these prevalent cyberattacks—with fantastic results.
To raise awareness and preparedness across our state, we are offering a free book (with free shipping!) to help businesses prevent business email compromise. If you have not taken your first steps to prevent phishing and business email compromise from impacting your business, order your free copy of Email Fraud: How to keep hackers from hijacking your inbox.