Business Communication Compromise (BCC) predictions for 2023
In 2022, cybersecurity further became a top priority for businesses around the world following critical attacks on both the public and private sectors and, of course, the use of cyber warfare as a Russian tactic in its invasion of Ukraine.
This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and leakage of Personally Identifiable Information. In 2023, we will see malicious actors increase the frequency of, and escalate, their tactics and techniques around communication. Below are my top 5 predictions for Business Communication Compromise in 2023.
- The death of email: Modern workforces will continue to choose unsecured communications channels.
If an employee feels like their security and compliance solution is curtailing their freedom to communicate effectively and efficiently, chances are they’ll find another way to circumvent the process and monitoring tools. According to a 2022 Business Communication Report, 45 percent of business communication happens in digital channels outside of email. This is a trend that will escalate in 2023.
Digital natives in particular are still not open to completely following cybersecurity protocol for various reasons, and frequently communicate via channels outside of email. Those reasons include:
- The security protocol slows tasks and operation progress with long, tedious authentication processes.
- It hinders productivity by restricting access to documents and data that teams or individuals might need to complete a task.
- Constant monitoring induces anxiety and raises stress levels because of the feeling of "being watched."
- Privacy seems moot when your security solution flags every message on your platform and sends it to IT security personnel for evaluation.
- LinkedIn becomes the most prevalent non-corporate communication channel for data leakage due to new jobs on the market and the recession.
Increased layoffs across the globe will lead to job seekers utilizing messaging channels to communicate with potential employers, specifically LinkedIn messenger. Departing employees are far more likely to share critical information and data about their former employer in these communications. In many cases, job seekers will be looking for similar positions and will believe that sharing specific data from their former company will give them a leg up in landing their next gig.
- 2023 will see an increase in email phishing campaigns that lead to Third-Party Supply Chain ransomware attacks against enterprise Slack or Teams platforms.
Phishing attacks are becoming more collaborative and span multi-channel communications. An attacker will need to impersonate several communication platforms in order to gain trust from the target. Attackers are looking for any way into an organization and are becoming better at language-based attacks that travel across communication channels, making it easy to deliver ransomware in unmonitored collaboration applications.
- Attackers will use credentials acquired from the dark web to infiltrate a corporate communication channel like Zoom or Slack for a major financial institution, which will lead to compromising data about executives within the organization.
Once an attacker obtains credentials, they will then log into a corporate channel that is not monitored and will be able to operate within it for hours unnoticed. This gives them ample time to observe and/or exfiltrate sensitive data. A similar real-world example occurred in September when an attacker compromised an Uber employee's credentials and then revealed themselves in the corporate Slack channel. There will be a direct correlation in 2023 of compromised accounts, either stolen or sold, that will be used to attack an organization in minimally observed communication channels.
- Corporate attacks and breaches through targeted personal communications go mainstream and drive tension between employees and employers.
Social engineering attacks originating in employee-owned communication channels are highlighted in the news on a weekly basis. Cyber criminals are targeting high-value employees on LinkedIn, Telegram & WhatsApp to infiltrate enterprises. Employers are struggling to enforce mandates and policies but will have to weigh the risk vs. rewards. The contention between personal privacy and the corporate visibility needed to protect organizations will see its first class-action suit, testing the boundaries of employee mandates and corporate control in legal settings.
As we look ahead to the new year, here are a few things that businesses need to consider in order to avoid the ramifications of Business Communication Compromise.
- Ensure Visibility Across All Communication Channels
- Reducing the risk present in business communication tools begins with visibility. You can’t protect your organization from attacks you can’t see.
- Implement Robust Detection Capabilities
- Once monitoring is in place, detection capabilities must be added to all communication channels. This must include the ability to detect the context and intent of human communications, since many of today’s attacks involve more sophisticated social engineering techniques that are difficult to detect using traditional signature-based tools.
- Integrate Response Actions to Block Attacks
- With monitoring and detections in place, the final step to protecting against sophisticated BCC attacks is to add integrations with communication channels and IAM solutions to allow rapid response. This must include manual actions that security personnel can initiate, as well as automated actions when threat levels are high and/or risk to the business is significant.
Steven Spadaccini is VP Threat Intelligence, SafeGuard Cyber. He is a seasoned senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Prior to joining SafeGuard Cyber, Steven held senior VP leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix