EDITOR’S QUESTION
Business Process Compromise (BPC) attacks are well thought out and time intensive and, if executed effectively, can have a more damaging financial effect than most of the threats we face today. Criminals who use BPC aren’t looking for a quick and easy hit but understand that by putting in the time, resources and effort, they will reap the financial rewards in the long run.

Unlike ransomware or Business Email Compromise (BEC), where the aim of the attack is to benefit from short-term payments, BPC can go undetected for a long time. Once a criminal has gained access to an organisation – often through a targeted email attack – the criminal spends time learning the system and understanding how they can modify processes for financial gain.

It’s important first to prevent a criminal from gaining access, so advanced protection against targeted threats delivered via vectors such as email needs to be in place. But the problem lies in the fact that while most organisations are starting to prioritise security for inbound email traffic, they assume there is little risk associated with internal or outbound activity.

As a result, they have no security and little to no visibility into internal email traffic and activities. With no visibility, the source of an attack can take weeks or months to identify. Malicious actors can therefore diligently go about their business, completely undetected as they use email to pivot around the organisation.

According to Vanson Bourne and Mimecast’s 2018 State of Email Security report, 80% of organisations had encountered internal threats driven by compromised accounts.

BPC attacks are generally heavily socially engineered, extremely targeted and often difficult to detect, and organisations need to ensure they have an email security platform that prevents advanced incoming threats but also monitors the internal environment. It’s also important to ensure that the technology not only protects your internal domains from social engineering attacks but also your suppliers’ and customers’ domains.

Organisations should also adopt a process that ensures more than one person or step approves any transaction or process.

With the right internal protection in place, organisations will dramatically increase visibility and decrease the risk of threats being spread and driven internally. Advanced inspection of internal and outbound activity reduces the lateral movement of attacks.

All internal and outbound mails should have multi-layered URL inspection, attachment scanning including static file analysis and sandboxing, and continuous re-checking of files against threat data to detect previously undetected malware.

The bottom line is that no matter how well protected you are against inbound threats, unless you are monitoring your internal environment, you are at major risk of falling victim to a BPC attack.
www.intelligentcio.com