What is business email compromise?

Cyber Security Hub explores how and why cyber attackers target employee email

Add bookmark
Olivia Powell
Olivia Powell
02/09/2023

What is business email compromise

In this article, Cyber Security Hub explores how cyber attackers use threat vectors like phishing, social engineering and ransomware to enact business email compromise (BEC).

Cybercrime is an ever-growing issue across virtually every industry. Expected to have a global cost as much as US$10trn by 2025, companies must fight to combat malicious actors seeking to gain from cyber attacks against them.

Threat actors increasingly use multiple threat vectors during attacks to overwhelm companies and make it easier for them to gain access to their network. This is makes it more important than ever to safeguard the most common vehicle for an initial breach point – email.  

The majority of hacking groups (65 percent) utilize email-based spear phishing campaigns as their primary attack vector. This cyber attack method targets specific individuals within an organization with the goal of compromising their credentials and using their privileged access to gain further control of a business’ network or steal information that only certain employees have access too.

These campaigns can have a devastating impact, not least from a financial perspective; in May 2022, the US Federal Bureau of Investigation (FBI) reported that BEC had led to a total loss of $43.3bn between June 2016 and December 2021.

In this Cyber Security Hub article will highlight the key vulnerabilities for those without sufficient email security and explain how to block threat actors from carrying out successful attacks while mitigating data loss and fraud.

Read also: Prevent advanced ransomware attacks with good email security

Email security must not be ignored

As the ransomware-as-a-service (RaaS) economy matures, ransomware gangs are demonstrating supreme confidence in their debilitating actions.

In January of this year, the UK’s Royal Mail had to completely halt all dispatch of items overseas after it became the victim of an alleged LockBit ransomware attack. The ransomware caused “severe disruption” to the computerized systems used to send mail abroad and resulted in Royal Mail requesting that customers stop sending mail abroad in the wake of the ransomware attack.

Verizon also noted a 13 percent increase in ransomware breaches in 2022. As ransomware can be spread via BEC, this statistic is especially worrying.

During email-focused cyber attacks, malicious actors may target low-level data within the attack’s early phases. This low-level data can then be used to gain access to and steal more sensitive data. With Microsoft reporting that it takes hackers just 24-48 hours to gain control of a network via a privileged account, even the compromise of low-level accounts can be serious.

For example, a hacker could pose as a job seeker to target those in human resources (HR). Hackers rely on the fact that HR professionals are used to receiving and opening attachments from unknown senders to allow their ransomware to spread across a network. Additionally, if attackers do compromise HR emails, this gives them access to confidential and sensitive company information. 

Read also: The dangerous vulnerabilities caused by weak email security

Best practices for alert organizations

Understanding the human element

Comprehensive email security strategies like the use of strong passwords and email encryption can provide a higher level of protection against BEC. This, however, relies on employees following the rules and with 65 percent of people reusing passwords for multiple or all of their accounts and 73 percent of people using the same passwords for both work and personal accounts, this is easier said than done.

Likewise, research by the Harvard Business Review has found that 67 percent of employees admit that they fail to adhere to cyber security policies, with a failure-to-comply rate at an average of once every 20 tasks. In 85 percent of all cases where employees knowingly broke procedure they cited work-related reasons for doing so, including “to better accomplish tasks for my job”, “to get something I needed” and “to help others get their work done”.

So, companies must recognize that their cyber security policies need to both protect the company while also not preventing their employees from doing their jobs efficiently. Likewise, employees should be made aware of their role as those on the front line against email-based cyber attacks. Not doing so can cause employees to cut corners in the name of efficiency without understanding the ramifications, ultimately endangering the company. 

Read also: Top tips for cyber security training 

Introduce a robust backup strategy 

As cyber attackers may delete or poison uploads as they make their way through a company’s network, it is important that companies have safeguards in place to make sure they are still able to access important documents even in the case that they need to shut down the network. 

Cyber security researcher Alex Vakulov explains that having a ‘3-2-1' backup strategy can help ensure the safety of critical data: “[Using the 3-2-1 method] two copies are stored locally on the same site but on different media. The third copy is separated from the previous two, for example it is kept in the cloud. Accordingly, if something happens to the first storage, then the data still remains in another storage in the [on premises] data center. If access to the entire data center is lost, a backup copy remains in the cloud.” 

By using multiple backups, companies can mitigate the risk and impact of business email compromise, allowing them to continue to function while also being able to shut down the network to stop malicious actors from gaining further access to it and/or poisoning or stealing data. 

Increase endpoint security 

In today’s digital climate, the number of devices in use across an organization has risen exponentially, as most employees need access to multiple devices in order to do their jobs. When paired with the emergence of hybrid or completely remote working and the move away from a secured on-premises network, this means that businesses must be constantly vigilant about endpoint security. 

This need is already being recognized in the cyber security space, with Cyber Security Hub's own research finding that 44 percent of cyber security professionals say their company is currently investing in endpoint security

As well as protecting the devices on its network, companies need to protect the network itself. To do this, companies should increase their detection and response capabilities. This need has similarly been recognized by businesses, with the same research finding more than two fifths (42 percent) of companies are investing in threat detection and response.  

Conclusion: combine a human-centric approach with key software investments 

An employee-centric approach to ransomware and BEC threat prevention allows all employees to understand the risk of these threats. By shifting a security strategy approach to understanding the human element of these attacks, companies can help prevent these attacks by stopping them before they infiltrate the network.  

Additionally, companies should identify the areas in which they can invest to better strengthen their ability to protect against and respond to cyber attacks, including endpoint security, cloud storage and backup facilities, and detection and response software. 

This means companies have a double-layered threat prevention approach and are not solely reliant on endpoints and other technology to stop ransomware after it is activated. 


RECOMMENDED