Editor’s question
WERNO GEVERS, CYBERSECURITY SPECIALIST, MIMECAST ME
Business Process Compromise (BPC)
attacks are well thought out and
time-intensive and, if executed
effectively, can have a more damaging
financial effect than most of the
threats we face today.
Criminals who use BPC aren’t looking
for a quick and easy hit but understand
that by putting in the time, resources and
effort, they will reap the financial rewards
in the long run.
Unlike ransomware or Business Email
Compromise (BEC), where the aim of
the attack is to benefit from short-term
payments, BPC can go undetected for a
long time.
Once a criminal has gained access to an
organisation – often through a targeted
email attack – the criminal spends time
learning the system and understanding
how they can modify processes for
financial gain.
It’s important first to prevent a
criminal from gaining access, so
advanced protection against targeted
threats delivered via vectors such as
email needs to be in place. But the
problem lies in the fact that while most
organisations are starting to prioritise
security for inbound email traffic, they
assume there is little risk associated with
internal or outbound activity.
As a result, they have no security and
little to no visibility into internal email
traffic and activities. With no visibility, the
source of an attack can take weeks or
months to identify.
Malicious actors can therefore diligently
go about their business, completely
undetected as they use email to pivot
around the organisation.
According to Vanson Bourne and
Mimecast’s 2018 State of Email Security
report, 80% of organisations had
encountered internal threats driven by
compromised accounts.
BPC attacks are generally heavily
socially engineered, extremely targeted
and often difficult to detect, and
organisations need to ensure they have
an email security platform that prevents
advanced incoming threats but also
monitors the internal environment.
It’s also important to ensure that the
technology protects not only your
internal domains from social engineering
attacks but also your suppliers’ and
customers’ domains.
Organisations should also adopt a
process that ensures more than one
person or step approves any transaction
or process.
With the right internal protection in
place, organisations will dramatically
increase visibility and decrease the
risk of threats being spread and driven
internally. Advanced inspection of
internal and outbound activity reduces
the lateral movement of attacks.
All internal and outbound mails should
have multi-layered URL inspection,
attachment scanning, including static file
analysis and sandboxing, and continuous
re-checking of files against threat data to
detect previously undetected malware.
The bottom line is that no matter how
well protected you are against inbound
threats, unless you are monitoring your
internal environment, you are at major
risk of falling victim to a BPC attack.
Issue 10 | www.intelligentciso.com