PRO+ Premium Content/Information Security
Access your Pro+ Content below.
Business email compromise moves closer to advanced threats
This article is part of the Information Security issue of June 2018, Vol. 20, No. 3
Business email compromise is on the rise and costing companies billions of dollars. In 2017, the FBI Internet Crime Center started to track BEC and email account compromise as a "single crime type" because of the similarities of the techniques. Business email compromise distinguishes itself from other email fraud by the steps, time and effort taken to construct the criminal campaign. These steps closely follow the kill chain framework used by advanced persistent threats, and that is what makes BEC dangerous. It has been known for years that, no matter how well an enterprise is protected, security professionals cannot guarantee that the network will not be breached by advanced adversaries. Russia's and China's state-sponsored cyberespionage groups are just too well funded and resourced. If nation-state threat actors want to get into your network, and time and money are not a concern, it is safe to say they could. Advanced persistent threats (APTs) are well-known for using the seven steps spelled out in Lockheed Martin's Cyber ...
Features in this issue
-
Stranger things: IoT security concerns extend CISOs' reach
The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities.
-
Insider threat report tracks annual cost of theft, carelessness
The Ponemon Institute study "2018 Cost of Insider Threats" examines the cost to companies victimized by material insider threat incidents during the past 12 months.
Columns in this issue
-
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what?
-
Walmart's Jerry Geisler on the CISO position, retail challenges
A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation.