What’s the most expensive cyberattack that businesses face today? If you said business email compromise (BEC), you’re right. The FBI IC3 2021 Internet Crime Report showed that BEC packed a powerful punch against U.S. businesses that year. BEC complainants to IC3 suffered $2,395,953,296 in losses in 2021, 28% higher than 2020’s record total of $1,866,642,107. These 10 facts about business email compromise can help you gain insight into the scope of this dangerous cyber risk for businesses.
10 Facts About Business Email Compromise That You’ve Got to Know
It pays to learn the facts about business email compromise and what it looks like in action. BEC scams often start with phishing. It’s an easy and cheap way for bad actors to get the ball rolling for most of today’s nastiest cyberattacks. Phishing is popular because it works, and employees are facing a flood of phishing threats every day. The number of recorded phishing attacks hit an all-time high in Q1 2022, with more than one million attacks in a quarter recorded for the first time. Phishing lures that are part of a BEC attack are often sophisticated, making it hard for employees to handle. An estimated 97% of employees cannot detect a sophisticated malicious message.
FBI IC3 Tips for Avoiding BEC
One of the most effective weapons against phishing is regular security awareness training. This multi-benefit dynamo dramatically slashes the chance that employees will fall for a phishing lure. In fact, 80% of organizations in a study said that security awareness training substantially reduced the chance that a staffer would fall for phishing. Ultimately, researchers determined that although security awareness training doesn’t work overnight, it makes steady progress that holds up over time, reducing a company’s phishing risk from 60% to 10% within the first 12 months.
Beyond training with videos and quizzes (the most effective type of security awareness training), training employees to resist the temptations of phishing lures using phishing simulations is an effective tactic. In a report by Microsoft, analysts determined that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing. People are more likely to learn and retain new knowledge by experience, and phishing simulations help employees hone their ability to spot red flags. An estimated 90% of employees who receive more than five minutes of security awareness training every month are likely to know to divert suspicious messages to administrators or the IT team.
Source: ID Agent