Another record-setting year in hacking attacks

Given the rate of increase in the number of hacking attacks, it was predicted early on that 2018 would be another record-setting year. That came with more hack attempts and more successful attacks that were seen in 2017.  Sadly, that prediction proved to be correct.

What few people had anticipated, however, was how big of an increase we'd see.

BEC attacks increase exponentially

While the number of attacks generally increased throughout 2018, few areas saw more explosive growth than BEC, which stands for Business Email Compromise attacks.  Those hacks accounted for a mind-boggling 476 percent surge between the fourth quarter of 2017 and the fourth quarter of 2018.  To give that number some context, by comparison, the number of email fraud attempts against businesses also increased by just 226 percent over the same period, which while staggering, is paltry by comparison.

BEC attacks, therefore, win the dubious honor of being the fastest growing security risk on the current threat matrix, and the most likely type of attack that businesses are likely to experience.

These are, at their core, social engineering attacks that target specific employees of a firm, typically in the company's finance department.  The goal is to convince them that they're dealing with a vendor the company regularly does business with and convince them to send large sums of money. This is typical via wire transfer to accounts that, at first glance, appear to be legitimate vendor accounts, but which of course are controlled by the attackers.

While less sophisticated attacks rely on poisoned files or URLs to do their damage, these attacks rely on trust and psychology.  As such, they're significantly more difficult to spot, which is one of the many reasons they can be so devastating.  By the time the victims realize what has happened, it's far too late.

Our perspective

Vigilance is the only real way to combat this form of attack, so be sure your employees understand the risks and that they are on their guard. Lastly, verify any significant transfer of funds in person.  Better to be safe than sorry.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, and nonprofit companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business