Gartner’s New BEC Report: Protection Recommendations | Proofpoint US>
Proofpoint Blog –
The latest Internet Crime Report from the FBI’s Internet Crime Complaint Center reveals that businesses lost over $2) 7 billion to scams in 2022) Surprisingly, Business Email Compromise (BEC) losses were almost 80 times higher than ransomware losses.
The rate of BEC attacks is expected to continue rising, making it an ongoing concern for businesses.
In a recent report, Gartner provides recommendations to help companies reduce the risk of BEC attacks and minimize potential losses.
Here are five key takeaways from the report:
1) Invest in email security: Businesses should focus on email security rather than relying solely on endpoint protection.
Gartner recommends implementing AI-based secure email gateway solutions that offer advanced BEC phishing protection, behavioral analysis, impostor detection, and internal email protection.
Proofpoint protects against BEC attacks by using AI/ML-driven behavioral analysis and threat intelligence.
2) Supplement email security with additional controls: To mitigate the risk of Account Takeover (ATO) fraud, businesses should supplement their email security solutions with additional controls.
They should be able to recognize whether an email is from a genuine sender.
Proofpoint combines behavioral analysis with threat intelligence to detect compromised employee and third-party accounts.
3) Authenticate email domains: Attackers exploit business process errors by sending convincing emails that manipulate financial and data transactions.
Gartner recommends updating processes around user and email authentication and migrating high-risk transactions to authenticated systems.
Proofpoint’s Email Fraud Defense solution helps break the attack chain through hosted services like SPF, DKIM, and DMARC.
4) Empower users with knowledge: Human errors account for a significant portion of security breaches, and social engineering attacks are widespread.
Gartner advises businesses to educate users, suppliers, and partners about different types of BEC phishing attacks and conduct regular user awareness training.
Proofpoint Security Awareness offers threat-driven training programs and Email Warning Tags to help users make informed decisions.
5) Automate detection and response: Automating tasks such as triaging alerts and user-reported phishing emails can reduce response times and alleviate human fatigue.
Gartner recommends deploying a threat detection and response system like MSOAR (mail-focused security orchestration, automation, and response) to triage and investigate incidents faster.
Proofpoint automates threat detection and remediation through features like PhishAlarm reporting button and Threat Response Auto Pull.
Proofpoint aligns with Gartner’s recommendations and offers solutions to protect businesses against BEC attacks.
By following these best practices and leveraging the right tools, businesses can strengthen their defenses against BEC and mitigate the risks associated with these attacks.
Link: https://www.proofpoint.com/us/blog/email-and-cloud-threats/new-gartner-bec-report-recommendations-are-fully-supported-proofpoint