Sedona Technologies Insights

As Business Email Compromises Increase, Security Awareness Training Becomes More Important

Written by Admin | Aug 29, 2024 2:53:19 PM

According to Verizon's 2024 Data Breach Investigations Report, the overall rate of phishing has been growing. In fact, according to the report's summary, "Our ways-in analysis witnessed a substantial growth of attacks involving the exploitation of vulnerabilities as the critical path to initiate a breach when compared to previous years. It almost tripled (180% increase) from last year... In particular, pretexting (most of which is Business Email Compromise [BEC]) accounts for a quarter of financially motivated attacks according to the FBI IC3 dataset."

Simply put, BEC is a material problem.

Who Gets Targeted

VIPRE found that 49% of all detected spam emails were BEC emails, attempting to impersonate someone within an organization in an effort to commit digital fraud. An overwhelming 87% of these attacks purported to be the CEO, with a member of human resources in second place (8%), and IT in third (3%).

What Dealers Need to Do

As we have suggested in our Guide for Dealer Principals to Drive Cybersecurity Excellence, dealer executives have to create a culture of cybersecurity excellence by understanding the strategic implications of cybersecurity shortcomings, championing cybersecurity excellence, and managing cybersecurity proactively. When it comes to Business Email Compromise, Dealer Principals must:

  • Be Vigilant - It’s obvious that pretending to be the CEO is going to get people to move on payments far more than other roles. It’s also why those responsible for the organization’s financial systems and payments need to continually undergo security awareness training to ensure they remain constantly vigilant. Dealer Principals must lead the charge to ensure your dealership is constantly training on IT security excellence.
  • Build Controls & Policies - The need for business processes and technical controls to prevent a cyber attack or phishing scam is obvious. Instituting security management tools (e.g., email filtering, user authentication, and zero trust network access) is just the tip of the iceberg in preventing business email compromise. Dealer Principals must ensure the entire organization is adhering to these new controls, policies, and procedures and that the cybersecurity tools used are in alignment with those controls & policies.
  • Train, train, train - Educating your employees is essential. Dealer Principals need to train their teams on security policies, password management, login (2FA) practices, and identifying email compromises. Many leaders mistakenly believe that setting up Security Awareness Training for their employees is enough. But it is only the start of a regular engagement toward cybersecurity education excellence. This must be done, as your employees are a key part of your preventive protection.

Business email compromise can cost a dealer millions. Build a culture of cybersecurity excellence, including security awareness training, to protect your business from risk.