Business email compromise (BEC) is costly. The latest Internet Crime Report from the FBI’s Internet Crime Complaint Center notes that businesses lost more than $2.7 billion to these scams in 2022. Another staggering statistic that is less widely reported: BEC losses were almost 80 times those of ransomware last year.
The rate of BEC attacks and the average loss per incident are likely to keep climbing, which makes BEC an ongoing concern for businesses. A recent report by Gartner, How to Protect Organizations Against Business Email Compromise Phishing, offers companies several recommendations to help them reduce the risk of these attacks and minimize potential losses.
Below, we share five top takeaways and key findings from this 2023 report. We also explain how Proofpoint can help protect your business against BEC attacks by linking what we do to Gartner’s recommendations.
1. To combat BEC, businesses need to invest in email security rather than relying on endpoint protection
Not all BEC scams contain a malicious payload like malware or malicious links. That’s why endpoint protection and endpoint detection and response platforms are not effective defenses for these types of attacks.
Gartner recommends: If you’re a security and risk management leader who is responsible for infrastructure security, you can maximize your protection against BEC by seeking out and implementing artificial intelligence (AI)-based secure email gateway solutions. Look for solutions that offer:
- Advanced BEC phishing protection
- Behavioral analysis
- Impostor detection
- Internal email protection
Proofpoint protects: Proofpoint believes that the Gartner report’s recommendation stems from the understanding that stopping BEC attacks before they reach a recipient’s inbox is the best way to minimize risk. This strategy is at the heart of the Proofpoint Aegis threat protection platform.
Proofpoint has used machine learning (ML) for more than two decades to detect email threats. We create the highest levels of BEC detection efficacy through our combination of AI/ML-driven behavioral analysis and rich threat intelligence.
2. Supplement email security with additional controls to reduce the risk of ATO
Account takeover fraud (ATO) is often a component of BEC attacks. It occurs when an adversary gains control of a legitimate account. To reduce the risk of ATO, businesses need to be able to recognize whether an email really comes from the sender it claims to.
Gartner recommends: Businesses should supplement their existing email security solutions with additional controls to further reduce the risk of BEC attacks like ATO and domain abuse.
Proofpoint protects: To protect against account takeover, you need to identify accounts that might be compromised and automate remediation. If you rely solely on behavioral analytics to detect these accounts, you could end up with a high volume of false alerts.
Proofpoint combines behavioral analysis with our rich threat intelligence to detect both compromised employee accounts and compromised third-party accounts.
How Proofpoint helps when ATO occurs
If an internal account has been compromised, a password reset isn’t enough. Attackers in your environment can still manipulate third-party apps and gain persistent access to the account to wage attacks at will.
Proofpoint TAP Account Takeover (TAP ATO) provides insights into what types of threats are targeting your users’ email accounts. And it provides you with the tools you need to take corrective action to protect a compromised account.
TAP ATO correlates threat intelligence with artificial intelligence, ML and behavioral analytics to find malicious events across the email attack chain. It helps you see who is being attacked and how, and it provides automated remediation.
How Proofpoint helps when supplier accounts are compromised
Proofpoint Supplier Threat Protection gives you insight into which third-party and supplier accounts may be compromised.
We combine AI/ML-driven behavioral analysis with threat intelligence, which we gather throughout our ecosystem. By doing this, we can detect compromised accounts and notify you about them—even if that account has not sent messages to your business directly. And when you receive early warnings, you can take proactive steps to prevent attacks.
3. Authenticate email domains to reduce email exploits and domain abuse
Attackers use convincing emails to exploit business process errors and immature practices around the transfer of funds and/or sensitive data. Their tactics include sending requests to change payment details or wiring instructions so that funds are sent to accounts they control.
Gartner recommends: Businesses should update their processes around user and email authentication for financial and data transactions. To bridge gaps in process errors, they should migrate high-risk, ad-hoc transactions to authenticated systems.
Proofpoint protects: Email authentication plays a critical role in helping to break the attack chain. Proofpoint Email Fraud Defense is a comprehensive solution that helps you protect your business against sender impersonation. With it, you can:
- Protect your email identity
- Provide supplier risk insight
- Monitor for lookalike domains
- Increase your overall security posture
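Both halves of this recommendation, confirming that mail from a known domain actually passed authentication and watching for lookalike domains, come down to a few checks an inbound mail pipeline can run. The Python below is an added example written for this post, not part of the Gartner report or any Proofpoint product; the trusted-domain list, the confusable-character table and the headers it inspects are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed set of domains the business legitimately receives mail from (assumption).
TRUSTED_DOMAINS = {"example-supplier.com", "payroll-example.com"}
# Digit-for-letter substitutions commonly used in lookalike domains (illustrative list).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def normalize(domain: str) -> str:
    """Fold a domain so visually similar variants compare equal."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short, so the quadratic loop is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    folded = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(folded, normalize(trusted)) <= 1:
            return trusted
    return None

def auth_results(header: str) -> dict:
    """Extract method=result pairs from an Authentication-Results header."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(pass|fail|none|softfail|neutral)", header))

def assess(headers: dict) -> list:
    """Return reasons to hold a message for review; an empty list means no finding."""
    findings = []
    from_domain = parseaddr(headers.get("From", ""))[1].rpartition("@")[2].lower()
    results = auth_results(headers.get("Authentication-Results", ""))
    # A trusted sender whose domain authentication did not pass may be spoofed.
    if from_domain in TRUSTED_DOMAINS and results.get("dmarc") != "pass":
        findings.append(f"dmarc={results.get('dmarc', 'missing')} for {from_domain}")
    # A near-miss of a trusted domain is a lookalike registered to impersonate it.
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"{from_domain} resembles trusted domain {imitated}")
    return findings
```

Feed `assess()` the parsed headers of each inbound message; a non-empty result is a reason to hold the message for review rather than deliver it.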
4. Empower users with the right tools and knowledge to spot BEC
Gartner notes that human errors account for about 74% of all security breaches. Social engineering attacks take advantage of the fact that humans make mistakes. And now those attacks comprise 50% of all security incidents.
Gartner recommends: Businesses need to educate their users, suppliers and partners about the different types of BEC phishing attacks, and inform them about preventive measures by conducting user awareness training at regular intervals.
Proofpoint protects: With Proofpoint Security Awareness, you can run a threat-driven training program that:
- Provides top clickers and most attacked users with targeted training based on the threats that they receive
- Trains users on trending BEC threats and the latest attack tactics, such as payroll diversion and fake invoices
You can also employ Email Warning Tags to provide contextual nudges and alert users. This will help these users make more informed decisions about emails that they are unsure about.
5. Automate detection and response with MSOAR
When businesses automate tasks such as triaging alerts and user-reported phishing emails, they can reduce response times. They can also ease human fatigue.
Gartner recommends: Businesses should deploy a threat detection and response system like MSOAR (mail-focused security orchestration, automation and response). This allows them to triage suspicious emails reported by end users and helps them respond to and investigate incidents faster.
Proofpoint protects: Proofpoint automates threat detection and remediation. You can use our Threat Response Auto Pull to quarantine or remove suspicious or unwanted email with just one click. You can automate that process, too—even if emails are forwarded or received by other users.
Our PhishAlarm reporting button and Email Warning Tags make it easy for your users to report messages that they are unsure about. Once they’re reported, our industry-leading platform automatically analyzes them. If a message is found to be a threat, it can be remediated or quarantined automatically.
You can also automate the feedback that’s sent to users, which notifies them about the results of this analysis. And you can customize those messages to reinforce their positive reporting behavior.
Is your business ready to defend against BEC?
Proofpoint thinks Gartner has done a great job of providing real-world recommendations related to BEC. The question for you to consider now is how well your company’s security measures align with them.
You can access the full report from Gartner here. And when you are ready to strengthen your company’s BEC defenses, contact Proofpoint. We can help, no matter where you are in your protection journey.
Gartner, How to Protect Organizations Against Business Email Compromise Phishing, Satarupa Patnaik, Franz Hinner, 21 August 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.