Ransomware has made major cybersecurity story headlines in the past 12 months. Therefore, a lot of focus and corporate resources are spent on mitigating the risk of ransomware. And rightly so. But another threat that has been around for a long time is just as damaging to a business: this is the specter of Business Email Compromise or BEC.
The impact of BEC
Ransomware makes headlines because of the acute impact on an infected business and the often massive ransom demands. The biggest ransom in 2021 was the $50 million demand from the ransomware attack on Acer. By comparison, BEC is seemingly less impactful with losses in the region of hundreds of thousands rather than millions of dollars. However, exceptions to this are common, with one company filing a complaint with the internet Crime Complaint Center (IC3) when they realized they had sent a wire transfer for $60 million to a fraudster: the money was subsequently traced and returned by the IC3 Recovery Asset Team (rat).
The 2020 FBI Internet Crime Complaint Center (IC3) report found that the numbers of BEC crimes (19,369) were around four times the numbers of reported ransomware attacks (2,474).
The amounts involved in the