Cybercriminals are using ever-more sophisticated methods to exploit human weaknesses in an organization’s cyber-defenses, including business email compromise (BEC, or fraudulent instruction scams), which are significantly on the rise and costing businesses crippling damage.
Claims data recorded by Beazley, a specialist provider of cyber-insurance, indicates that organizations are facing an increased threat to their operations from fraudulent instruction scams. The number of incidents reported to Beazley Breach Response Services (BBR Services) quadrupled in 2017, with policyholders incurring losses ranging from a few thousand dollars up to $3 million. With claims amounts in 2017 averaging $352,000, fraudulent instruction has rapidly become a significant financial threat to many organizations.
In the gambit, criminals use hacking and phishing techniques to accumulate information that allows them to send plausible-looking requests to transfer funds to bogus accounts. In addition to losing money, organizations may also have to conduct exhaustive systems analysis to ensure that individuals’ personal and private data has not been compromised.
“Cybercriminals are finding new ways of getting organizations to part with their hard-earned cash,” said Katherine Keefe, global head of BBR Services. “In 2017 we saw fraudulent instruction emerge as a new trend which offers significant reward for the perpetrators in return for little effort but brings potentially devastating financial consequences for the victim."
The top three industry sectors affected in 2017 were professional services (22% of the total reported to Beazley), financial services (21%) and retail (12%), but incidents are growing across all sectors, and in particular where single large transactions, such as real estate purchases, are involved, the firm found.