National ISACs, FBI, USSS and Symantec Collaborate to Fight BEC

FOR IMMEDIATE RELEASE
Contact: contact@nhisac.org

October 12, 2017

Washington, DC – A group of national ISACs, The U.S. Secret Service (USSS), The Federal Bureau of Investigation (FBI) and Symantec announced today the organizations are joining forces to offer free workshops around the country on Business Email Compromise (BEC), a significant and growing threat for businesses and individuals throughout the United States. Although not as widely profiled as ransomware attacks in recent years, BEC represents a more significant financial threat to organizations than other recent types of attack. Since October 2013, the Federal Bureau of Investigation has identified victims from 131 countries and a global monetary exposure of over $5 billion as a result of BEC fraud.

BEC is a sophisticated scam using email and/or other electronic communication to impersonate a business executive, employee, or other person with authority to request payments or access to employee payroll and W2 information on behalf of their company or organization.

To help educate businesses and individuals on ways to combat BEC, the USSS, FBI and Symantec are joining forces with the following ISACs to offer free workshops around the country:
● Multi-State Information Sharing and Analysis Center (MS-ISAC),
● National Health Information Sharing and Analysis Center (NH-ISAC),
● Research and Education Network (REN-ISAC), and
● Retail Cyber Intelligence Sharing Center (R-CISC).

Business leaders are invited to join these workshops to learn about BEC, a very real & proliferating cybersecurity threat. Cybersecurity experts from the USSS, FBI and private sector will be sharing their experiences & expertise around BEC, how BEC can impact companies and how to protect against becoming the next victim.

Each half-day workshop will include discussion around topics including:
● Describing the Business Email Compromise (BEC) threat
● The current threat landscape
● Tactics, techniques & procedures used by the criminals
● Why situational awareness & information sharing are important
● Offer strategies to help protect your organization from BEC attacks

“The Business Email Compromise (BEC) has become an increasingly sophisticated scam targeting businesses that regularly perform wire transfer payments. The Secret Service is committed to working with our public and private partners to educate the business community while seeking new and innovative ways to combat this emerging cyber threat,” said Robert Novy, Deputy Assistant Director for Cyber at The United States Secret Service.

“Investigating Business Email Compromise (BEC) scams is a top priority for the FBI. This year, the FBI’s Internet Crime Complaint Center, began tracking these scams as a single crime type, illustrating the significance of the threat. It is crucial that all businesses and individuals who feel they have been the victim of BEC file a complaint with www.ic3.gov. Rapid notification allows the FBI to quickly deploy FBI resources to provide assistance and conduct law enforcement actions as appropriate,” said Scott Smith, Assistant Director, Cyber Division at The Federal Bureau of Investigation.

“The R-CISC community is working together to share information and intelligence on Business Email Compromise (BEC) threats, improving our collective knowledge and response. These workshops are a great resource for business and government employees to learn not only about these threats but the resources available to them,” said Suzie Squier, Executive Director of the R-CISC.

“Business Email Compromise attacks (BEC) are the latest sophisticated email threats targeting organizations of all sizes, our research from the 2017 Symantec Internet Security Threat Report shows they target more than 400 businesses a day. Symantec provides comprehensive protection from BEC scams and is working with security experts around the world to identify and protect against these dangerous attacks by sharing insights from threat research and best practices,” said Jane Wong, Vice President of Product Management and Engineering, Messaging Security, Symantec.

“We received tremendous positive feedback from last year’s Ransomware Roadshow workshops. NH-ISAC is pleased to be partnering again with FBI and the Secret Service as well as its sister ISACs and Symantec to bring valuable information to the public on the Business Email Compromise threat,” said Denise Anderson, President NH-ISAC, Chair National Council of ISACs.

“Business Email Compromise (BEC) activity is a growing problem facing the SLTT community. It emphasizes the need for good cyber hygiene practices at all levels of government,” said Thomas Duffy, Chair, Multi-State ISAC.

“Protection against the growing threat of business email compromise includes the need for aware and savvy users. These workshops will help professionals who are targeted by attackers make smarter choices to prevent financial fraud,” Kim Milford, Executive Director, Research and Education Network (REN-ISAC).

Workshops will be conducted in the following cities: Kansas City, MO; Nashville, TN; Boston, MA; Seattle, WA; Denver, CO; Dallas, TX; Phoenix, AZ; San Francisco, CA; Los Angeles, CA; Kennedy Space Center, FL;
New York, NY; Akron, OH.

Information and registration for each event can be found here: https://nhisac.org/events/nhisac-events/business-e-mail-compromise-workshop/