Business Email Compromise: Must-Have Defenses

November 5, 2018


In July, the FBI warned that global Losses to business email compromise – aka CEO fraud – attacks have hit at least $12.5 billion. David Stubley, who heads security testing firm and consultancy 7 Elements in Edinburgh, Scotland, which has helped numerous organizations respond to BEC attacks, says the defensive imperative is to get ahead of attackers.

“Clearly, if we can avoid the compromise, that’s great, and that’s what we should be aiming for, which is why we say MFA [multi-factor authentication] is a must from the outset,” he says. “But certainly if there is a compromise, the more auditing you’ve got, the more alerting you’ve got and the more blocks you have in place, you’re going to frustrate the attacker and you’re going to give yourself the opportunity to see it occurring and therefore stop it before the worst-case scenario, which is money being paid out of the business.”

Read More on DataBreach Today