Defending Against Business Email Compromise Attacks
David Stubley of 7 Elements Describes Key Mitigation Techniques
What can organizations do to thwart business email compromise attacks? David Stubley, CEO of the consultancy 7 Elements, outlines several key steps.
Stubley will offer a presentation on "Anatomy of a BEC Attack" at Information Security Media Group's Security Summit: London, to be held Sept. 23.
"We should be implementing multifactor authentication as a default action to provide that secondary layer of protection," Stubley says in an interview. "If you do that, straight away you are mitigating the most common form of external compromise, brute force attacks, because you're not only going to have to guess a user's password, you're going to have to trick them into authorizing that access as well."
Another key step, Stubley says, is to educate and train employees to be aware of potential threats.
"The other point of compromise we see quite often is individuals being enticed to click on an email that has been sent to them, often within the supply chain," Stubley notes. "Training and awareness are paramount there to stop these types of attempts."
In this interview, Stubley discusses:
- How the EU's General Data Protection Regulation has impacted business email compromise attack reporting;
- The changing attack surface as a result of cloud-based email;
- Key steps to mitigate the risk of a BEC attack.
Stubley is founder and CEO of 7 Elements. He has over 17 years of experience within the technical security market, where he has held senior-level positions within global blue-chip organizations.