Business Email Compromise: Must-Have Defenses
David Stubley of 7 Elements Shares BEC Incident Response Lessons Learned
In July, the FBI warned that global losses to business email compromise - aka CEO fraud - attacks have hit at least $12.5 billion. David Stubley, who heads security testing firm and consultancy 7 Elements in Edinburgh, Scotland, which has helped numerous organizations respond to BEC attacks, says the defensive imperative is to get ahead of attackers.
"Clearly, if we can avoid the compromise, that's great, and that's what we should be aiming for, which is why we say MFA [multi-factor authentication] is a must from the outset," he says. "But certainly if there is a compromise, the more auditing you've got, the more alerting you've got and the more blocks you have in place, you're going to frustrate the attacker and you're going to give yourself the opportunity to see it occurring and therefore stop it before the worst-case scenario, which is money being paid out of the business."
Beyond money, sensitive data can also go missing via a BEC attack. And under the EU's General Data Protection Regulation, that can quickly lead to organizations having to notify regulators that they've suffered a breach.
In a video interview at Information Security Media Group's recent Security Summit: London, Stubley discusses:
- Lessons learned from the aftermath of real-world BEC attacks;
- The imperative to block attacks - using multi-factor authentication - as well as more rapidly spot and respond to intrusions;
- Essential audit logging and mail-forwarding rules.
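As an added illustration of the audit-logging and mail-forwarding-rule checks the interview points to (example code written for this page, not from 7 Elements or the interview), the snippet below scans constructed audit records shaped like Microsoft 365 unified audit log entries and flags inbox rules or mailbox settings that forward mail to an external domain; the field names, domains and sample values are assumptions.

```python
import json

# Constructed sample records modelled on Microsoft 365 unified audit log entries.
# Field names are assumed from that format; every value here is made up.
SAMPLE_EVENTS = [
    json.dumps({"Operation": "New-InboxRule", "UserId": "cfo@example.com",
                "ClientIP": "203.0.113.10",
                "Parameters": [{"Name": "Name", "Value": "."},
                               {"Name": "ForwardTo", "Value": "drop@attacker.example"},
                               {"Name": "DeleteMessage", "Value": "True"}]}),
    json.dumps({"Operation": "Set-Mailbox", "UserId": "ap@example.com",
                "ClientIP": "198.51.100.7",
                "Parameters": [{"Name": "ForwardingSmtpAddress",
                                "Value": "smtp:ap@example.com"}]}),
    json.dumps({"Operation": "New-InboxRule", "UserId": "hr@example.com",
                "ClientIP": "10.0.0.5",
                "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                               {"Name": "MoveToFolder", "Value": "Reading"}]}),
]

INTERNAL_DOMAINS = {"example.com"}          # assumed: the organisation's own domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}


def _is_external(address: str) -> bool:
    """True when the target mailbox lies outside the internal domains."""
    addr = address.lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def find_suspicious_forwarding(lines):
    """Return one finding per rule/mailbox change that forwards mail externally."""
    findings = []
    for line in lines:
        event = json.loads(line)
        if event.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}
        external = [params[k] for k in FORWARD_PARAMS if k in params and _is_external(params[k])]
        if not external:
            continue
        reasons = ["forwards to external " + ", ".join(sorted(external))]
        if params.get("DeleteMessage", "").lower() == "true":
            reasons.append("deletes the original, hiding activity from the mailbox owner")
        if len(params.get("Name", "x").strip()) <= 1:
            reasons.append("near-empty rule name")
        findings.append({"user": event["UserId"], "ip": event.get("ClientIP"), "reasons": reasons})
    return findings
```

Alerting on these findings as they are written, rather than reviewing them after a payment has gone out, is the kind of early visibility the interview argues for.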
Stubley is the founder and CEO of 7 Elements, based in Edinburgh, Scotland. He was previously manager of penetration testing services for Royal Bank of Scotland, and he served as a penetration testing project manager for Britain's Ministry of Defense as well as an IP technical security engineer for MCI WorldCom.