New Guidance For Business Email Compromise

Business Email Compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data. For this reason, BEC attacks are often directed at senior staff, or those that can authorise financial transactions.

Unfortunately, BEC attacks, which are a type of phishing attack, are increasing significantly. Now, there are important new guidelines about how to disrupt targeted phishing attacks, which are often aimed at senior executives and/or budget holders in organisations.

A recent UK Government cyber-attack report revealed that in 2023, 84% of businesses and 83% of charities had experienced a phishing attack in the past 12 months. Now, the National Cyber Security Centre (NCSC) has published new BEC guidance that includes practical steps that will reduce the likelihood of your organisation suffering from a BEC attack.

It is specifically aimed at smaller organisations who might not have the resources (or expertise) to implement the NCSC’s existing guidance on phishing attacks in full. BEC attacks can be difficult to detect. Criminals use sneaky methods that aim to pressure victims into acting quickly.

  • The guidance details how reducing your digital footprint, helping your staff to detect phishing emails, applying the principle of ‘least privilege’ and implementing 2-step verification can all protect against BEC attacks.
  • It includes steps to take if you think your email account has already been compromised, or if you have been tricked into making a fraudulent payment.

Whilst implementing the steps detailed in the guidance will reduce the likelihood of BEC attacks, it does not make your organisation impervious to all cyber threats. The NCSC also recommends that organisations plan for attacks and practise responding to attacks in a safe environment using the NCSC’s Exercise in a Box.


NCSC | Gov.UK | Image: Unsplash
