As the year draws to a close, businesses are grappling with the dual
pressures of year-end fatigue and the approaching festive season. This
period, characterised by increased workloads and a rush to meet annual
targets, presents a ripe opportunity for cybercriminals to exploit
vulnerabilities through Business Email Compromise (BEC) schemes. With
employees often stretched thin and distracted, the risk of falling
victim to such scams is significantly heightened, necessitating
increased vigilance and proactive measures to safeguard against
potential losses.
Business Email Compromise is a sophisticated form of cybercrime that
targets organisations by infiltrating their email systems to initiate
unauthorised transactions. A common tactic involves altering banking
details on legitimate invoices. For instance, a retail company might
receive an email appearing to be from a trusted supplier, XYZ
Manufacturing, with updated banking details due to a “system upgrade”.
Without proper verification, the finance department might transfer funds
to the fraudulent account, only realising the scam when the genuine
supplier enquires about the overdue payment.
The South African business landscape, with its diverse array of
industries and extensive digital communication networks, is particularly
susceptible to these attacks. During the year-end period, employees are
often overwhelmed with closing tasks, financial reconciliations, and
holiday preparations. This pressure, coupled with the festive season’s
distractions, creates an ideal environment for cybercriminals to strike.
To combat the rising threat of BEC, businesses must prioritise
cybersecurity awareness and vigilance. This involves educating employees
about the tactics used by cybercriminals and encouraging a culture of
scepticism towards unexpected email requests, especially those involving
financial transactions. Regular training sessions and phishing
simulations can help reinforce these practices, ensuring that employees
remain alert and informed.
Moreover, implementing robust email security protocols is crucial.
Businesses should consider deploying advanced email filtering systems
that can detect and block malicious content before it reaches employees’
inboxes. Multi-factor authentication (MFA) for email accounts adds an
additional layer of security, making it more difficult for unauthorised
users to gain access.
In addition to employee education and technical safeguards, businesses
can adopt several other measures to protect themselves from BEC attacks:
Verification Processes: Establishing strict verification procedures for
financial transactions, such as requiring multiple approvals or
confirming requests through alternative communication channels, e.g.
following up an email with a phone call to the intended payee.
Access Controls: Limiting access to sensitive information and financial
systems to only those employees who need it for their roles, reducing
the potential impact of a compromised account.
Incident Response Plan: Developing a comprehensive incident response
plan that outlines steps to take in the event of a BEC attack, ensuring
a swift and coordinated response to minimise damage.
Despite best efforts, no security measure is infallible. Therefore,
businesses should consider investing in insurance policies that cover
cybercrime-related losses. Allianz’s Commercial Crime Policy, for
example, offers protection against financial losses resulting from BEC
and other forms of cybercrime. This coverage can provide a financial
safety net, helping businesses recover from the impact of an attack and
maintain operational continuity.
As businesses navigate the challenges of year-end fatigue and the
festive season, the threat of Business Email Compromise looms large. By
fostering a culture of vigilance, implementing robust security measures,
and leveraging insurance solutions like Allianz’s Commercial Crime
Policy, organisations can better protect themselves against this growing
cyber threat. In doing so, they not only safeguard their financial
assets but also reinforce their resilience in an increasingly digital
world.