According to the FBI, Business Email Compromise (BEC) is now a $3.1B business. The FBI defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” This has also become known as Spear Phishing.
I spend a lot of time talking with customers about their business and how they run their IT infrastructure to meet those business needs. Traditionally, IT’s primary role has been to deploy and manage infrastructure and applications that drive their business. Because of the evolving threat landscape, IT has been forced to a position of protecting users from themselves.
The bad guys have become very sophisticated when designing their “bait” to the point even the most well trained eye has a hard time identifying a real email or web page link from a fraudulent one. The challenge is the number of well-trained eyes in any given company are few and far between. IT must rely on technology to protect the unsuspecting employee from harm.
What’s often overlooked is the human layer of protection. Barracuda has always advocated that end-users are important layer of defense against advanced threats. To that end, we are excited to announce an enhanced Link Protection service that has integrated end-user training exercises to help users that click on malicious links or attachments to understand not only what they did wrong but also training on what to look for in the future, creating a ‘human firewall’.
Link Protection is an integral part of our advanced threat protection technology that utilizes a combination of technologies to protect users and is included in Barracuda Essentials Email Security Service. As its name implies, Link Protection ensures users don’t fall victim from typosquatted links by evaluating and rewriting fraudulent URLs so that, when clicked, the user is safely redirected to a valid domain or to a Barracuda domain warning of the fraud as seen below.
By integrating education and training exercises into our email security technology, we can help organizations take their protection to the next level. Now, employees are protected from the malicious web site and they can run a training exercise to understand what they did wrong and how to avoid repeating this mistake moving forward.
The exercises run about five minutes and take the user through a course to understand who is behind these attacks, what to look for, and a test to ensure they can apply what they’ve just learned.
With this integration, Barracuda Essentials delivers a comprehensive security platform with a combination of detection, prevention, AND education that gives IT organizations a truly multi-layered security strategy to help combat the ever evolving threat landscape.
To learn more about Barracuda Essentials click one of the links below…