EDITOR’S QUESTION
HOW CAN BUSINESSES BEST PROTECT THEMSELVES AGAINST BUSINESS PROCESS COMPROMISE (BPC) ATTACKS?
Trend Micro finds nearly half of organisations have been victims of BPC attacks
Trend Micro Incorporated, a global
leader in cybersecurity solutions,
has revealed that 43% of surveyed
organisations have been impacted by a
Business Process Compromise (BPC).
Despite a high incidence of these types of
attacks, 50% of management teams still
don’t know what these attacks are or how
their business would be impacted if they
were victimised.
In a BPC attack, criminals look for loopholes
in business processes, vulnerable systems
and susceptible practices. Once a weakness
has been identified, a part of the process is
altered to benefit the attacker, without the
enterprise or its client detecting the change.
If victimised by this type of attack, 85% of
businesses would be limited from offering at
least one of their business lines.
“We’re seeing more cybercriminals playing
the long game for greater reward,” said
Rik Ferguson, Vice President of Security
Research for Trend Micro. “In a BPC attack,
they could be lurking in a company’s
infrastructure for months or years,
monitoring processes and building up a
detailed picture of how it operates.
“From there they can insert themselves into
critical processes, undetected and without
human interaction. For example, they might
re-route valuable goods to a new address, or
change printer settings to steal confidential
information, as was the case in the
well-known Bangladeshi Bank heist.”
Global security teams are not ignoring
this risk, with 72% of respondents stating
that BPC is a priority when developing
and implementing their organisation’s
cybersecurity strategy.
However, the lack of management
awareness around this problem creates
a cybersecurity knowledge gap that
could leave organisations vulnerable to
attack as businesses strive to transform
and automate core processes to increase
efficiency and competitiveness.
The most common way for cybercriminals
to infiltrate corporate networks is through a
Business Email Compromise (BEC). This is a
type of scam that targets email accounts of
high-level employees related to finance or
involved with wire transfer payments, either
spoofing or compromising them through key
loggers or phishing attacks.
In Trend Micro’s survey, 61% of
organisations said they could not afford to
lose money from a BEC attack. However,
according to the FBI, global losses due to
BEC attacks continue to rise, reaching
US$12 billion earlier this year.
www.intelligentcio.com