Is Your Business Susceptible to Social Engineering Attacks? FBI Says Yes
Social engineering attacks are one of the most common forms of email security breach, causing $2.4 billion in losses last year alone. See how to protect your business.
The FBI’s Internet Crime Complaint Center (IC3) released their annual report last week. Cybercrime losses increased by 64% according to the report. For the 7th year in a row, Business Email Compromise (BEC) attacks were the leading cause of financial losses in 2021 – up 28% from 2020. That’s $2.4 billion lost last year due to BEC, which has rapidly become one of the most popular social engineering tactics.
The report illustrates how vulnerable businesses and individuals are to social engineering: the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
How likely is a social engineering attack?
As the data shows, the problem of cybercrime is getting significantly worse and small businesses in America are at the greatest risk of being targeted for ransomware.
In 2020 more than 70% of ransomware attacks happened to companies with fewer than 1,000 employees, and 60% of these businesses had revenues of less than $50 million.
Ransomware attackers purposefully target small businesses because they don’t have the budgets or advanced infrastructure that a larger company has. They tend to be easier prey and are more likely to pay the ransom.
What you can do to mitigate your risk
Have a cohesive plan
The firms that avoid ending up in the FBI’s report typically have a CISO and a security team who have crafted and executed a comprehensive security strategy designed to protect their business and to respond rapidly and effectively when bad things do happen.
For the smaller businesses that are falling victim, it can be unrealistic to hire and retain such talent. If this sounds like your business, one of Inversion6’s part-time CISOs may be a perfect fit to provide the same capability at a fraction of the price.
Educate and empower your employees
The key to social engineering attacks is the ability to manipulate people, so it’s important to make sure your people are trained on these types of attacks and their methods. Regular security awareness training will help keep employees updated on the latest scams and techniques attackers use.
However, it’s crucial that leaders not only take time to educate themselves and their employees about these types of scams, but also empower them to take time to verify any incoming requests. Reinforce that it’s OK to slow down: trust information coming in, but always verify, even if it means taking an extra day to get things moved.
These days, we move at a lightning pace, and the more leaders can get in front of their employees with security awareness training and education, the better chance they have of stopping the scam before it becomes a problem.
Invest in the right technology
Technology investment is always a tough conversation. How do we know it’s worth the cost? How long will it take to get implemented? Will it do what we want it to do?
Email security technology has been fairly stagnant for a number of years, with only small incremental changes. This area of security has continued to be ripe for opportunity, as most successful breaches use phishing and social engineering as their delivery mechanism.
This is where partners like Inversion6 Technologies come in. We’re continuously reviewing and assessing the market, including startups, to identify and introduce new, effective security technologies to our customers. It is incredibly important to be aware of changes to the attacker landscape and the solutions market, and to know how best to protect and defend your organization.
In the case of business email compromise, Abnormal Security is the leader in preventing these types of attacks. It uses behavioral science to understand identity, context and content within your organization’s email—which is a fundamentally different approach from other email-security software systems.
We’ve seen tremendous success with our clients, with proofs of concept taking mere minutes. Plus, it can run alongside your existing email software.