NewsMarch 22, 2018 @ 1:21 PM

Forty Percent of Email Fraud Attacks Against US Businesses Resulted in an Employee’s Termination, Survey Reveals

Companies in the U.S. fired an employee after 40 percent of email fraud attacks that occurred over the past two years, a new survey revealed.

According to Proofpoint’s “Understanding Email Fraud” report, U.S. organizations fired responsible personnel following a business email compromise (BEC) attack more often than companies in all other countries. Australian firms terminated someone in response to slightly more than 25 percent of strikes, while companies in the U.K. and Germany did so even less frequently. Organizations in France fired employees in roughly 15 percent fraud cases, the lowest total of the countries included in the study. Overall, businesses around the world terminated employees after nearly 1 in 4 attacks.

A Pervasive Threat

For the survey, Proofpoint commissioned Censuswide to speak to people at companies with 200 or more employees across various industries about their experiences with email fraud attacks. The firm queried 2,250 individuals in the U.S., U.K., Germany, France and Australia to determine how businesses are affected by BEC, who is most at risk and how organizations are protecting themselves, if at all.

The responses revealed that email fraud attacks are pervasive around the world. Respondents from three-quarters of organizations surveyed told Censuswide that their employer suffered an attack in the last two years, while 41 percent reported that their company was hit more than once.

Firing responsible personnel was just one consequence of email fraud addressed in the study. In 55.7 percent of cases, organizations suffered downtime or other business disruptions. Meanwhile, companies lost sensitive data in roughly half of BEC instances and lost funds to cybercriminals in about one-third of such attacks.

Driving Awareness Around Email Fraud

Robert Holmes, vice president of email security products for Proofpoint, said he believes that BEC scams are so prolific because of their simplicity. These campaigns involve small distribution operations rather than malicious attachments or links, party because the attackers attempt to impersonate people in positions of authority within those organizations.

This make email fraud “extremely difficult to detect and stop with traditional security tools,” according to Holmes, as quoted by Infosecurity Magazine. “Our research underscores that organizations and board rooms have a duty to equip the entire workforce with the necessary solutions and training to protect everyone against this growing threat,” he continued.

The Proofpoint survey noted that most organizations can do more to protect against BEC attacks by implementing phishing awareness programs and creating business controls to stop fraudulent wire transfers. It also highlighted the importance of implementing security measures such as end-to-end encryption, access controls and email authentication.

David Bisson is an information security journalist and security news junkie. He is the Senior Content Manager at Bora Design, an IT security marketing agency which specializes in content creation and social media management. Through Bora, he serves as Associate Editor for The State of Security, the official blog for Tripwire, Inc., and Contributing Author for Venafi. David has been writing about digital security since before he graduated undergraduate school. While a senior in college, he began contributing articles to Information Security Buzz. It was a short time after graduating with a Bachelor of Arts in Political Science and completing his senior thesis, a project in which he argues strategic culture helps to explain the U.S. military's use of "cyber power," that David started writing more frequently for Information Security Buzz and eventually for Tripwire, Metacompliance, and OASIS Open. Outside of his work for Bora, David has written for and is presently contributing to multiple other blogs. In the past, he regularly submitted information security news articles and helpful guides to Graham Cluley Security News as well as participated as a guest expert on a couple of episodes for Cluley's weekly security-themed podcast "Smashing Security." He also wrote about breaking developments and important trends in the field of ransomware for Carbonite's Fight Ransomware initiative. In that same capacity, he discussed Bitcoin and its association with ransomware on a podcast, and he conversed with other experts about the threat of crypto-malware on a panel held in New York City and streamed to the web. David now produces security news articles, promotional content, and whitepapers as a Contributor Author for IBM's Security Intelligence, Gemalto, Centrify, among others. He also freelances as a security expert for webinars concerning email-based threats and how organizations can defend themselves, among other topics.