A Key Cybersecurity Threat: Fraudulent Instruction

One recurring cybersecurity challenge that many organizations face is the threat of fraudulent instruction. According to Beazley, this is “a social engineering attack in which compromised email credentials or spoofing are used to induce an employee to make a wire transfer or other electronic payment to a bank account controlled by a cybercriminal.” In their latest Breach Insights report, Beazley says that in Q2 of 2020, incidents involving fraudulent instruction grew the most, compared to Q1. To dive in a little further, middle market companies and organizations were targeted most, with healthcare, financial institutions, manufacturing, real estate, and education reported as the most targeted industries.  

Thus far in 2020, we’ve seen and written about the increase in social engineering email attacks by cybercriminals, driven mostly by the arrival of the COVID-19 pandemic. A large number of these attacks capitalized on COVID-19 fears. Add to that the increase in remote working during Q2 of 2020, and we see that employees are more likely to fall for social engineering scams.

Why is that? A lot of this can be attributed to a remote workforce, which makes detecting and preventing scams more difficult. “Employees are typically the first line of defense, but working remotely can make it harder for employees to maintain a culture of compliance,” Beazley says. Such reasons include distractions, care for family members while working, or physical separation from the workplace.

What can an organization do? Training and process changes that reduce the likelihood of your organization falling victim to a cyberattack are not very expensive. Here are some key considerations put together by Beazley:

  • Alert employees to scams through security awareness campaigns
  • Provide anti-fraud training to show employees how to detect and avoid both email phishing and social engineering scams
  • Establish an out-of-band verification process
  • Set up multi-factor authentication (MFA) for remote access to your organization’s email system, VPN, ACH system, etc.
  • Let your customers know that you will not change banking instructions without authentication
  • Reduce email retention periods
  • Implement email security improvements such as the Sender Policy Framework (SPF)

Of course, cybersecurity insurance is important and recommended, as it helps a business recover from a security breach or other cyber event. The team at Rose & Kiernan, Inc. can assist you in finding a cybersecurity insurance policy to help protect your business or organization.

For more information on Rose & Kiernan’s cybersecurity risk management, please contact us at techrisksolutions@rkinsurance.com.
