Remote working poses challenge for prevention and detection
During the second quarter of 2020, cybercriminals had greater success in duping employees with phishing and social engineering scams. The number of incidents involving social engineering and business email compromise (BEC) reported to Beazley Breach Response (BBR) Services grew over Q1, even as the total incident count fell slightly.
The majority of social engineering attacks result in a BEC, where the cybercriminal gains access to an email account. However, in Q2 cybercriminals were most successful in stealing funds using social engineering techniques to provide fraudulent payment instructions without a system compromise.
With the expansion of the remote workforce, detecting and preventing social engineering scams has become more difficult. Employees are typically the first line of defense, but working remotely can make it harder for employees to maintain a culture of compliance. While the increase in distractions that come with caring for family members while working have been widely discussed, physical separation from the workplace is also a factor. Without a coworker to converse with at the next desk, employees are less likely to do a “sense check” of a suspicious email. In fact, BBR Services has handled an increase in notifications involving employees who admit they did not notice anything suspicious.
In another development, BBR Services has noted a slow-down in the speed at which companies detected that payments were being redirected, particularly if the change to payments had occurred near the beginning of the pandemic response.
Cybercriminals shift to the middle market; attacks become more sophisticated
Organizations in the middle market were increasingly likely to be targeted compared to smaller organizations, and reported 60% of these incidents, up from 46% in Q1. To the extent middle market organizations have been more resilient in carrying on day-to-day operations during the pandemic, their employees are more available to be targeted. And for cybercriminals, particularly those who can execute more sophisticated attacks, middle market organizations are richer targets.