A Key Cybersecurity Threat: Fraudulent Instruction
One recurring cybersecurity challenge that many organizations face is the threat of fraudulent instruction. According to Beazley, this is “a social engineering attack in which compromised email credentials or spoofing are used to induce an employee to make a wire transfer or other electronic payment to a bank account controlled by a cybercriminal.” In their latest Breach Insights report, Beazley says that in Q2 of 2020, incidents involving fraudulent instruction grew the most, compared to Q1. To dive in a little further, middle market companies and organizations were targeted most, with healthcare, financial institutions, manufacturing, real estate, and education reported as the most targeted industries.
Thus far in 2020, we’ve seen and written about the increase in social engineering email attacks by cybercriminals, brought about mostly by the arrival of the COVID-19 pandemic. A large number of these attacks capitalized on COVID-19 fears. Add to that the increase in remote working during Q2 of 2020, and we see that employees are more likely to fall for social engineering scams.
Why is that? A lot of this can be attributed to a remote workforce, which makes detecting and preventing scams more difficult. “Employees are typically the first line of defense, but working remotely can make it harder for employees to maintain a culture of compliance,” Beazley says. Reasons include distractions, caring for family members while working, and physical separation from the workplace.
What can an organization do? It is not very expensive to invest in training and process changes that can help reduce the likelihood of your organization falling victim to a cyberattack. Here are some key considerations put together by Beazley:
- Alert employees to scams through security awareness campaigns
- Provide anti-fraud training to show employees how to detect and avoid both email phishing and social engineering scams
- Establish an out-of-band verification process
- Set up multi-factor authentication (MFA) for remote access to your organization’s email system, VPN, ACH system, etc.
- Let your customers know that you will not change banking instructions without authentication
- Reduce email retention periods
- Implement email security improvements such as the Sender Policy Framework (SPF)
In addition, here are some blog resources that we’ve put together to help support organizations with cybersecurity, particularly surrounding the COVID-19 pandemic:
- Remote Workforces Pose Higher Risk for Cyberattacks During COVID-19 Pandemic
- Social Engineering Cyberattacks: What to Know and How to Mitigate Risk
- A Key Cybersecurity Threat: Business Email Compromises (BEC)
Of course, cybersecurity insurance is important and recommended, as it helps a business recover from a security breach or other cyber event. The team at Rose & Kiernan, Inc. can assist you in finding a cybersecurity insurance policy to help protect your business or organization.