Cybersecurity isn’t unidimensional. This is one of the many reasons why it such a challenge nowadays, with many moving parts that require our attention.
A good example of this is business email compromise (BEC) and the ways that this kind of attack has to inflict damage to all parties involved.
In a business relationship, any part involved can be a victim of a BEC scam. Such scenarios are more likely to occur when the businesses lower their guard, feeling confident about the interaction they are having with their counterparts.
Most businesses are only paying attention to the cybersecurity strategies implemented in their own companies and that has a lot of sense. It isn’t rational to think that a business must be on top of its suppliers’ methods to prevent fraud. That’s too much.
Yet, a minimum of awareness is advisable.
At My IT Guy, we wanted to talk about the dynamics of business email compromise and how they play with the relationship between companies and their suppliers.
A Challenge for Everyone Involved
There is a central idea here that must be addressed and considered every single time: your supplier’s cybersecurity methods will affect your business.
This doesn’t mean that your company must invest resources to improve how your suppliers protect themselves from cyberattacks. Instead, this idea is only useful to become more aware of the threats out there and to act accordingly.
Imagine that your supplier’s email addresses get hacked and they are now being used for spoofing, sending you credible-looking email messages requesting bank account change using the hacker’s accounts.
If you see the supplier’s email address, why not to believe that everything’s correct and proceed with the payment?
In this situation, there is little we can do on a technical scale. Everything will depend on the employee’s awareness.
BEC scams aren’t limited to our own environments, as we have seen before. Then, with so many moving parts, what could we possibly do to prevent the damage they pose?
To successfully face BEC scams, we must adopt a dynamic approach, implementing mechanisms that will help us to validate information before making any payments.
The first thing is to guarantee an effective bank account ownership validation mechanism that works every time an account change is requested by the supplier. The idea is to validate this information with the supplier and bank to make sure that the change is legit, that the owner of the new bank account is the supplier and no one else.
But what is more important, the protocol for bank account change must be strict and demanding. It isn’t acceptable for a modern company to proceed with an account change after a request via email or a phone call. Instead, different authentication methods must be implemented.
Another recommendation is to limit financial responsibilities within the company, reducing the dependence on humans and decreasing the margin for social engineering success.
Reducing dependence on humans is also important because of the risk of BEC scams conducted by insiders. Employees in procurement, AP, AR, billing, treasury, and vendor maintenance could have key information that makes them able to materialize fraud. Therefore, it’s important to keep some of the security controls as a mystery for these employees. If they handle all the information, they will be able to easily attack the company from the inside.
The Problem Ahead with New Technologies
The future is promising yet it will probably give us new challenges that could be difficult to tackle. Technologies that are developing terrifyingly fast as deep fakes will create serious problems in terms of identity theft.
How a company could defend itself from a well-made deep fake video that is conducting identity theft? Options aren’t abundant. We end up with more doubts than solutions.
Nevertheless, today, there is plenty we should be doing to reduce the chance of BEC scams. Start with the fact that your trusted supplier can be the perfect channel to attack you. From there, implement the methods needed to validate all information prior to transfering money.
At My IT Guy, our team of cybersecurity experts can help you to implement highly-secure, effective mechanisms to protect your business from the threats lurking out there. Give us a call and we’ll answer all your doubts.