Mark Lukie from Barracuda comments on the ACCC Scamwatch alert regarding business email compromise (BEC).
The ACCC recently issued a BEC-related Scamwatch alert. Mark Lukie provides the following insight:
85% of BEC attacks are urgent requests designed to get a fast response, according to Barracuda researchers, with 1-in-10 spear phishing emails successfully tricking users into clicking. That number triples for emails that impersonate someone from HR or IT.
This gets to the heart of the challenge for IT security teams. Email is the number one threat vector because it allows malicious third parties to directly target what has long been regarded as the organisation’s weakest link: its employees.
Employee behaviour is hugely important in the fight against email threats. Unfortunately, the tools IT security teams put in place to prevent things from getting in don’t always work. While securing networks and computers is vital, the problem lies in where the bad guys focus their attention next – exploiting human weaknesses. The focus of security programs needs to shift to make employees more aware of the different types of attacks they could fall victim to.
By focusing on the human firewall – how they are trained, changing behaviour and the benefits of that – organisations ultimately gain a better security posture. Now they have the tools developed to allow these human firewalls to detect suspicious activity and start spooning the information back to help IT security teams be proactive in finding threats, as well as be able to remediate.
With the help of innovative technologies such as AI-powered tools, organisations can get better at spotting spoofed and malicious emails. Combined with a renewed focus on more progressive approaches to staff training and awareness, organisations can begin to fight back.
Mark Lukie is Sales Engineer Manager of Barracuda.