Deja Ranee Smith - Temple University

Combatting Business Email Compromise

Name of sponsoring organization
1. ISACA
Details of the activity (e.g., where, when)
1. Online Webinar, December 13th
What you learned
1. From this webinar, I learned that Business Email Compromise (BEC) is a significant and growing threat to organizations, with losses totaling nearly $2.4 billion and an average loss per incident that has increased by 25%. BEC is 49 times more costly than ransomware with fraudsters often posing as someone the target trusts, using tactics such as domain spoofing, look-alike domains, display name spoofing, and account compromise. There are a wide range of BEC variants, such as gift carding, payroll redirect, supplier invoicing fraud, M&A fraud, and shipment redirect. Protecting against BEC requires a multi-layered approach that includes response, detection, visibility, and awareness. Education and awareness are also important in preventing BEC, such as targeted training on BEC, phishing, social engineering, spear phishing threats, unintentional insider threat, and mitigating compromised devices. Simulations using real examples that are being detected and targeting recipients it was sent to can help to see how well they detect and provide additional training to those that fall for it.
How the activity relates to coursework or your career goals
1. This webinar is important to my career goals because it highlights the importance of cybersecurity in the business world, which is a critical component of my industry. Understanding the various types of cyber threats and the methods used to protect against them is essential for anyone in my field. Additionally, the webinar highlighted the importance of technology and its role in detecting and preventing BEC. Understanding how technology can be used to gather and analyze information, improve efficiency and security, and provide insights is essential. Furthermore, the webinar emphasized the importance of education and awareness in preventing BEC. The ability to educate and train employees on cyber threats is an essential aspect of my field, as it helps to mitigate risk and protect the organization.