• About
  • Subscribe
  • Contact
Wednesday, May 7, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

APAC businesses too slow to respond to BEC attacks

FutureCIO Editors by FutureCIO Editors
June 7, 2021
Photo by Torsten Dettlaff from Pexels: https://www.pexels.com/photo/black-and-gray-digital-device-193003/

Photo by Torsten Dettlaff from Pexels: https://www.pexels.com/photo/black-and-gray-digital-device-193003/

Business Email Compromise or BEC attacks happen more than we’d like to think. According to a global survey of security professionals by Statista, only 35% believe their organisation has not been in the receiving end of such attacks. Twenty-seven percent they have received between one to ten attacks in 2020.

But it is not so much that an organisation is the target of such an attack as it is what happens after the attack escapes an organisation’s security measures and lands in a user’s inbox.

According to Barracuda Researchers, on average, it takes organisations a lengthy three and a half days (over 83 hours), from when an attack lands in users’ inboxes, to when it is discovered and can finally be remediated.

They also found that an average organisation with 1,100 users will experience around 15 email security incidents per month, with around 10 employees being impacted by each phishing attack that manages to get through.

Editor’s choice: PodChats for FutureCIO: Fixing the top 3 security mistakes CIOs make

According to the report, 3% of employees will click on a link in a malicious email, exposing the entire organisation to attackers. Employees will also forward or reply to malicious messages, spreading attacks further within their companies or even externally.

Though these numbers may appear small, the report reveals that it only takes 16 minutes for users to click on a malicious link, and hackers need only one click or reply for an attack to be successful, underlining the need for fast investigation and remediation to keep organisations safe.

“There is no security solution that can prevent 100% of attacks, and end-users don’t always report suspicious emails due to lack of training or negligence, and when they do, the accuracy of reported messages is low, leading to wasted IT resources. Without an efficient incident response strategy, threats can often go undetected until it’s too late,” said Mark Lukie, systems engineer manager, Barracuda, Asia-Pacific.

The research also revealed that most organisations are still reliant on internal threat hunting investigations launched by IT teams to identify email threats for post-delivery remediation (67.6%), with only 24% being discovered via user-reported emails. 8.1% were discovered using community-sourced threat intelligence, and the remaining 0.4% through other sources such as automated or previously remediated incidents.

And while 29% of organisations will regularly update their block lists to block messages from specific senders or geographies, only 5% will update their web security to block access to malicious sites for entire organisations, usually due to the lack of integration between incident response and web security.

Interestingly, Barracuda researchers found that organisations that train their users saw a huge 73% improvement in the accuracy of user-reported emails after only two training campaigns. Focused security training also proved to dramatically shorten the time to remediation, while deploying automated remediation tools also considerably increased an organisation’s ability to automatically identify and remediate attacks in a timely manner.

Lukie warns that people will always be first line of defence. He recommends continuous security awareness training, while deploying a post-delivery threat hunting tool or automated remediation, with integrated email and web security. These actions can significantly reduce the time it takes to identify suspicious emails, remove them from all affected users’ inboxes, and automate processes that bolster defences against future threats.

“In addition to sharing threat data from your organisation and tapping into data shared by others, this is going to be your best line of defence against post-delivery email threats,” he added.

Related:  PodChats for FutureCIO: Cybersecurity threat landscape 2020 vs 2021
Tags: Barracuda NetworksBusiness Email Compromisecyber security
FutureCIO Editors

FutureCIO Editors

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe