Experts from international cybersecurity specialist Armor are predicting a significant surge in Business Email Compromise (BEC) incidents during 2024.

Primarily driven by artificial intelligence, advancements in technology are set to facilitate increasingly sophisticated attacks from threat actors in the coming months, giving them the ability to mimic communication styles and grasp transactional nuances more adeptly, rendering fake interactions and attacks harder to detect.

With email playing such a pivotal role in today’s commercial world, disruptions to the communication platform can prove hugely damaging for businesses.  Productivity, reputation and financial performance can all be greatly impacted by security breaches and so a strong defence system is essential. Armor GRC/P Security Advisor Temi Akinlade offers businesses advice on how to avoid becoming a victim of a BEC threat.

Temi begins, “As cyber threats continue to evolve, the implementation of a robust email security practice is imperative. Safeguarding email accounts is not just a matter of protecting personal or confidential information but also the security of the wider corporate operation, its reputation and integrity.

“The foundation of any comprehensive email security programme is basic security hygiene. Strong password policies, account lockout mechanisms, and discouraging password re-use form the bedrock of digital defence and should be encouraged across the board. As fundamental as this may sound, it is an instrumental part of any strategy required to establish a secure digital environment.”

Organisational culture also plays a key role in email security as Temi explains, “Ensuring your organisation has a proactive email security culture is essential. Rather than the standard tick-box training sessions, implement in-person “Inbox-Integrity Sessions”. These are short, regular meetings where teams collaboratively analyse and discuss genuine malicious emails received. They stress the importance of vigilance and understanding, encouraging employees to be staunch defenders of their inboxes. By transforming employees into first responders, businesses can safeguard organisational assets and reputation. They become the first line of defence against threats and are more inclined to identify and report suspicious activity, actively bolstering the organisation’s security posture.”

Having a clear, accessible, and enhanced reporting mechanism in place is another key tool in the fight against cybercrime according to Temi, “Colleagues should feel confident in the process and be encouraged to report any issues without fear of reprisal or embarrassment. Even the slightest suspicion should be taken seriously and will help to foster a security-conscious environment.

“Multi-factor authentication (MFA) and least privilege policies also play a huge role in email security. Access to email accounts should necessitate more than just a password and MFA requires a second or even third form of identification, ensuring that even if login details are compromised, unauthorised individuals are denied access.

 “An adaptive least privilege policy will also allow for additional authentication requests when deviations from normal user behaviour are detected. Such a strategy is particularly effective against AI-driven cyber threats, which have made traditional phishing and other email attacks more sophisticated and harder to detect.

 “At the end of the day,” Temi concludes, “implementing best practices will help businesses to protect themselves and their employees from any malicious attacks. The consequences of email security breaches are not limited to financial losses. They can tarnish a company’s reputation, lead to regulatory penalties, and diminish customer trust so prioritising email security is a must. By creating a robust, multi-layered strategy against cybercrime, a safer and more secure digital environment will be created.”

For more information on how to shield your business from cyber criminals visit: Armor.

Resource Center

More security resources at your fingertips.

Practical Content for Security, DevOps, & IT Professionals