Trend Micro Incorporated, a global
leader in cybersecurity solutions,
has revealed that 43% of surveyed
organisations have been impacted by
a Business Process Compromise (BPC),
including those in Kuwait.
Despite a high incidence of these types of
attacks, 50% of management teams still
don’t know what these attacks are or how
their business would be impacted if they
were victimised.
In a BPC attack, criminals look for loopholes
in business processes, vulnerable systems
and susceptible practices. Once a weakness
has been identified, a part of the process is
altered to benefit the attacker, without the
enterprise or its client detecting the change.
If victimised by this type of attack, 85% of
businesses would be limited from offering at
least one of their business lines.
“We’re seeing more cybercriminals
playing the long game for greater reward,”
said Rik Ferguson, Vice President of
Security Research for Trend Micro. “In
a BPC attack, they could be lurking in a
company’s infrastructure for months or
years, monitoring processes and building
up a detailed picture of how it operates.
From there they can insert themselves into
critical processes, undetected and without
human interaction. For example, they
might re-route valuable goods to a new
address, or change printer settings to
steal confidential information – as was
the case in the well-known Bangladeshi
Bank heist.”
Global security teams are not ignoring
this risk, with 72% of respondents stating
that BPC is a priority when developing
and implementing their organisation’s
cybersecurity strategy.
However, the lack of management
awareness around this problem creates
a cybersecurity knowledge gap that
could leave organisations vulnerable to
attack as businesses strive to transform
and automate core processes to increase
efficiency and competitiveness.
The most common way for cybercriminals
to infiltrate corporate networks is through a
Business Email Compromise (BEC). This is a
type of scam that targets email accounts of
high-level employees related to finance or
involved with wire transfer payments, either
spoofing or compromising them through key
loggers or phishing attacks.
In Trend Micro’s survey, 61% of
organisations said they could not afford to
lose money from a BEC attack. However,
according to the FBI, global losses due to
BEC attacks continue to rise, reaching US$12
billion earlier this year.
www.intelligentcio.com
INTELLIGENTCIO