Anti-Phishing, DMARC , Business Email Compromise (BEC) , Email Security & Protection

Business Email Compromise: Must-Have Defenses

David Stubley of 7 Elements Shares BEC Incident Response Lessons Learned
David Stubley, CEO, 7 Elements

In July, the FBI warned that global losses to business email compromise - aka CEO fraud - attacks have hit at least $12.5 billion. David Stubley, who heads security testing firm and consultancy 7 Elements in Edinburgh, Scotland, which has helped numerous organizations respond to BEC attacks, says the defensive imperative is to get ahead of attackers.

See Also: The Expert Guide to Mitigating Ransomware & Extortion Attacks

"Clearly, if we can avoid the compromise, that's great, and that's what we should be aiming for, which is why we say MFA [multi-factor authentication] is a must from the outset," he says. "But certainly if there is a compromise, the more auditing you've got, the more alerting you've got and the more blocks you have in place, you're going to frustrate the attacker and you're going to give yourself the opportunity to see it occurring and therefore stop it before the worst-case scenario, which is money being paid out of the business."

Beyond money, sensitive data can also go missing via a BEC attack. And under the EU's General Data Protection Regulation, that can quickly lead to organizations having to notify regulators that they've suffered a breach.

In a video interview at Information Security Media Group's recent Security Summit: London, Stubley discusses:

  • Lessons learned from the aftermath of real-world BEC attacks;
  • The imperative to block attacks - using multi-factor authentication - as well as more rapidly spot and respond to intrusions;
  • Essential audit logging and mail-forwarding rules.

Stubley is the founder and CEO of 7 Elements, based in Edinburgh, Scotland. He was previously manager of penetration testing services for Royal Bank of Scotland, and he served as a penetration testing project manager for Britain's Ministry of Defense as well as an IP technical security engineer for MCI WorldCom.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.