New Guidance For Business Email Compromise

Uploaded on 2024-05-24 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Business Email Compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.For this reason, BEC attacks are often directed at senior staff, or those that can authorise financial transactions. 

Unfortunately, BEC attacks, which are a type of phishing attack, are significantly increasingNow, there are important new guidelines about how to disrupt targeted phishing attacks, which are often aimed at senior executives and/or budget holders in organisations.

A recent UK Government cyber-attack report revealed that in 2023, 84% of businesses and 83% of charities have experienced a phishing attack in the past 12 months. Now, the National Cyber Security Centre (NCSC) has recently published new BEC guidance includes practical steps that will reduce the likelihood of your organisation suffering from a BEC attack. 

It is specifically aimed at smaller organisations who might not have the resources (or expertise) to implement the NCSC’s existing guidance on phishing attacks in full.BEC attacks can be difficult to detect. Criminals use sneaky methods that aim to pressure victims into acting quickly. 

  • The guidance details how reducing your digital footprint, helping your staff to detect phishing emails, applying the principle of ‘least privilege’ and implementing 2-step verification can all protect against  BEC attacks. 
  • It includes steps to take if you think your email account has already been compromised, or if you have been tricked into making a fraudulent payment.

Whilst implementing the steps detailed in the guidance will reduce the likelihood of BEC attacks, it does not make your organisation impervious to all cyber threats. The NCSC has also recommend that organisations plan for attacks and practice responding to attacks in a safe environment using the NCSC’s Exercise in a Box.   

For More Information About NCSC Guidance click: HERE

NCSC   |    NCSC     NCSC   |   Gov.UK:   |   Image:  Unsplash

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud

DIRECTORY OF SUPPLIERS - Email Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« GDPR Is Six Years Old: What Is Its Impact On AI?
Time For Cyber Force »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Cybonet

Cybonet

Cybonet is committed to empowering organizations of all sizes with the tools and capabilities to detect and engage cyber security threats.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Naoris

Naoris

Naoris is the world’s first holistic blockchain-based cybersecurity ecosystem, bringing a game-changing solution to address 35 years of industry similar practice.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

SecureAck

SecureAck

From our A-Op SaaS automation platform to Managed Automation-as-a-Service (MAaaS), SecureAck offer powerful security automation the way that best suits your organisation's needs.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

AppSentinels

AppSentinels

Appsentinels are a group of security and technology experts with a mission to fix gaps in application security.