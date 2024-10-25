Bitcoin is the last major blockchain to use the energy intensive mining process that requires rows of energy-guzzing computers. — © AFP

Business Email Compromise (BEC) is the cyberattack in the U.S. with the highest financial impact, with losses exceeding $1 billion ($1,747,924,931) since 2020 and an average loss of $88,350 per incident.

This is according to the cybersecurity firm Kiteworks, who have recently analysed the primary forms of cybersecurity attacks on U.S. states as well as identifying where businesses are most at risk of cyberattacks. Data was drawn from the U.S. government annual report from 2023-2017. The number of attacks and losses were split into averages of 2023-2020 and 2020-2017 for a 4-year moving average.

BEC attacks involve fraudsters impersonating business executives or employees to deceive victims into transferring funds or revealing sensitive information.

From the research, credit card and check fraud rank second, causing $516,046,155 in total losses and an average loss of $27,039 per incident. This fraud typically involves unauthorized use of payment information.

Malware attacks, in third place, have resulted in losses of $237,469,021 with an average loss of $83,235 per incident.

Non-payment/non-delivery cyberattacks are the most common

Non-payment/non-delivery attacks are the most common U.S. cyber threat since 2020 with 60,113 incidents, which involves fraudsters tricking victims into paying for undelivered goods or services. The second most prevalent is personal data breaches, with 40,523 incidents, which can involve unauthorized access to sensitive information often leading to identity theft and fraud.

Patrick Spencer, a spokesperson at Kiteworks, has told Digital Journal: “Our study reveals a concerning trend: cyberattacks are on the rise, both in frequency and financial impact. As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company’s resilience against cybercrime, as well as a greater focus on data security.”

Spencer recommends, in terms of remediation, that: “Businesses should adopt a content-defined zero trust approach to secure their sensitive communications. By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organizations can ensure that sensitive content is only accessed by authorized users.”

He adds: “This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content.”