In 2022, the FBI’s Internet Crime Complaint Center (IC3) received nearly 22,000 reports of business email compromise with losses reported at more than two billion dollars. This attack, in which a bad actor gains access to the email environment and then uses social engineering to steal money or data, is proving to be a difficult one for businesses to combat.
When considering strategies to minimize BEC risk, here are some key factors:
Multi-Factor Authentication is critical
Training makes a difference
Good internal controls can stop the financial loss even after a breach
Review account access and administrative settings regularly
An overall review of cyber security controls and practices can find gaps before they’re exploited
In the event that you’re a victim of a Business Email Compromise, a fast and comprehensive investigation can make an enormous difference. A proper review can end the intrusion, assess the damage, identify the perpetrator, determine root cause, and prevent future occurrences.
Factors to consider during a BEC investigation include:
The clock is ticking- more time elapsing, means more time for the bad actor to steal data and cover their tracks. Quickly seizing evidence will prevent critical data from being deleted or lost to time limits within the administrative environment.
Multiple sources of evidence- critical evidence will exist in both the email content as well as in system logs.
Documentation is key- chain of custody and proper reporting are needed in the event that criminal prosecution or expert witness testimony is required in the future.
Integration makes a difference- The forensic response and report is just one part of a larger incident response which should include management responses, lessons learned, and business process changes.
Consider Notifications- Appropriate internal and external notifications of the breach and incident should be sent in accordance with legal, regulatory, and contractual obligations- consideration should be given to possible optional notifications as needed for client or public relation purposes.
The “how” can prevent “next time-” A proper root cause analysis can guide the organization to make needed changes to prevent future incidents before they occur.
As always, if you have questions about business email compromise, cyber security, forensics, or internal controls, RubinBrown remains available to answer questions or assist.
Published: 10/23/2023
Readers should not act upon information presented without individual professional consultation.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.