Despite all the attention on ransomware, business email compromise (BEC) attacks remain the most financially impacting cyber threat facing the private sector. According to FBI data, in 2021 BEC attacks were responsible for the loss of $2.4 billion, in comparison to a loss of $49.2 million to ransomware attacks.
BEC attacks are not only more costly than ransomware attacks, but they also remain the top reported primary attack vector for compromising organizations. BEC attacks are also increasing in frequency, according to the FBI’s Internet Crime Complaint Center. Furthermore, BEC attacks are a significant and enduring threat for the water and wastewater sector. Last year, WaterISAC and the EPA published a joint advisory to inform water and wastewater entities of the prevalence of this type of threat. While technical controls such as multifactor authentication (MFA) can help reduce the risk posed from BEC, end-user awareness and education of BEC, VEC, and other impersonation-based scams is crucial in helping staff recognize these social engineering tactics. Read more at Darkreading.