Intelligent CISO Issue 10 - Page 28

Editor’s question

WERNO GEVERS, CYBERSECURITY SPECIALIST, MIMECAST ME

Business Process Compromise (BPC) attacks are well thought out and time intensive and, if executed effectively, can have a more damaging financial effect than most of the threats we face today. Criminals who use BPC aren’t looking for a quick and easy hit but understand that by putting in the time, resources and effort, they will reap the financial rewards in the long run.

Unlike ransomware or Business Email Compromise (BEC), where the aim of the attack is to benefit from short-term payments, BPC can go undetected for a long time. Once a criminal has gained access to an organisation – often through a targeted email attack – the criminal spends time learning the system and understanding how they can modify processes for financial gain.

It’s important to firstly prevent a criminal from gaining access, so advanced protection against targeted threats delivered via vectors such as email needs to be in place. But the problem lies in the fact that while most organisations are starting to prioritise security for inbound email traffic, they assume there is little risk associated with internal or outbound activity. As a result, they have no security and little to no visibility into internal email traffic and activities.

With no visibility, the source of an attack can take weeks or months to identify. Malicious actors can therefore diligently go about their business, completely undetected, as they use email to pivot around the organisation. According to Vanson Bourne and Mimecast’s 2018 State of Email Security report, 80% of organisations had encountered internal threats driven by compromised accounts.
BPC attacks are generally heavily socially engineered, extremely targeted and often difficult to detect, and organisations need to ensure they have an email security platform that prevents advanced incoming threats but also monitors the internal environment. It’s also important to ensure that the technology not only protects your internal domains from social engineering attacks but also your suppliers’ and customers’ domains. Organisations should also adopt a process that ensures more than one person or step approves any transaction or process.

With the right internal protection in place, organisations will dramatically increase visibility and decrease the risk of threats being spread and driven internally. Advanced inspection of internal and outbound activity reduces the lateral movement of attacks. All internal and outbound mails should have multi-layered URL inspection, attachment scanning (including static file analysis and sandboxing) and continuous re-checking of files against threat data to detect previously undetected malware.

The bottom line is that no matter how well protected you are against inbound threats, unless you are monitoring your internal environment, you are at major risk of falling victim to a BPC attack.