In 2020, the shift to remote work caused an increase in vulnerabilities and attempted cybersecurity attacks. Many companies had to change from a static view of risk protection to a dynamic agile response, based on the switch to new payment channels and the volume of work taking place at non-traditional locations. Fraudsters are following these shifts with targeted attacks on digital payments and remote workers; they know these workers are dependent upon less secure home computers, networks, and mobile access.
Experts have observed three major trends in cyber crime targeted at businesses in 2021: email scams, impersonation attacks and account takeovers, and ransomware attacks.
Trend #1: Business Email Compromise targets smaller businesses
Business Email Compromise (BEC) is not going away anytime soon. This non-tech fraud scheme continues to be profitable for the cyber thieves. Strategic Treasurer’s 2021 Treasury Fraud & Controls Survey Report shows a new peak last year, with 86% of survey respondents indicating that fraud threats had increased. The fraudsters escalated their attacks on smaller firms by 35% last year; larger firms were up 15%.
Trend #2: New fraud schemes utilize impersonation attacks and account takeovers
The 2020 Email Security Threat Report from Darktrace reports that spear phishing, impersonation attacks, and account takeovers remain key ways that cybercriminals infiltrate an organization. These targeted email attacks are a significant security challenge today.
Supply Chain Account Takeover
Similar to phishing, Supply Chain Account Takeover happens when a criminal posing as a trusted supplier easily gains the trust of a user and coaxes them into clicking a malicious link or wiring money from a bank account. Emails from a vendor are trusted by default, which means that sophisticated account takeovers often go unnoticed. Darktrace reports that cyber-criminals will leverage supply chains – suppliers, partners, contractors – to infiltrate their ultimate target. Attackers who have access to a supplier’s email account are able to study previous email interactions and produce a targeted response to your employees. The language they use will often appear benign, so unless your staff is aware of the threat, they may fail to pick up on these attacks.
Trend #3: Ransomware threats continue
According to Proofpoint’s 2021 State of the Phish Report, ransomware threats are a persistent risk. In 2020, two-thirds of those surveyed said their organization experienced a ransomware attack. More than half of those opted to pay attackers’ ransom in an attempt to regain access to their systems and data, but doing so was not always a quick fix.
Victims who paid ransoms in 2020 were less likely to regain access after the first payment than they were the year before. The study showed an increase in follow-up ransom demands and related actions:
- Additional ransom demands rose by more than 320% in 2020
- 32% of 2020 respondents were willing to pay the extra ransoms, compared to just 2% in 2019
The one bright spot: Just 8% of payers ended up walking away empty-handed after negotiating with attackers.
Continue to build your defense and cyber-resilience throughout 2021
It is critical that you build up your cyber-defenses. Anti-virus software is not enough protection from the sophisticated cyber criminals who are attacking organizations. We recommend that you boost your cyber-defense by being proactive in monitoring communications from partners, vendors and your customers.
It also makes sense to invest in ongoing cybersecurity training for your staff. They interact daily with email and the internet and can expose your company to a cyber-attack with one wayward click. Cybersecurity training is one of your company’s most potent defenses against fraud.
We offer ways to add layers of security so you can increase your cyber-resilience and prevent fraudulent transactions. Additionally, our Cybersecurity Resource Library is a great source of information about keeping your business safe from fraud.
Your Treasury Services Support Team is ready to help. Please contact 1-866-594-2304 if we can answer any questions or assist you.
Notes:
- 2021 Treasury Fraud & Controls Survey Report, Strategic Treasurer
- 2020 Email Security Threat Report, Darktrace
- 2021 State of the Phish Report, Proofpoint