The Remarkables podcast: Stories of people improving communities and inspiring youth. Listen now.
According to the Australian Cyber Security Centre, BEC is one of the most commonly reported cybercrime types in Australia, with businesses across various sectors falling victim to it. In 2022, the ACSC reported financial losses of over $98m due to BEC compromises.
It is essential to understand the evolving threat landscape and develop strategies to mitigate the risk of BEC, including identifying the different types of BEC and how respond appropriately to incidents. Here are some key points to consider.
BEC can take various forms, such as payment diversion, CEO fraud, phishing attacks and M365 compromise. Payment diversion is the most common type of BEC, where attackers send fraudulent invoices to businesses with instructions to transfer money to a Threat Actor account.
The most commonly targeted industries in Australia include finance, real estate, and professional services. If your organisation operates in one of these sectors, it is essential to take extra precautions to protect against BEC.
Prevention is better than cure when it comes to BEC. Some essential measures to consider include staff education and training on how to identify and respond to BEC, strong email security protocols for onsite and cloud infrastructure and conducting regular audits of processes and controls.
It is important to have a robust incident response plan in place that outlines the steps to be taken in case of an incident. The plan should include procedures for isolating affected systems, notifying stakeholders, and preserving evidence for investigations.
Collaboration can help keep your organisation informed about the latest BEC trends and best practices. Some organisations to consider partnering with include the Australian Cyber Security Centre and the Australian Signals Directorate.
BEC is a constant threat to businesses in Australia. Our incident response team can help you become aware of the evolving threat landscape, develop effective strategies to mitigate risk and investigate any active compromises. By implementing preventive measures, your organisation can minimise the impact of BEC and protect against financial loss and reputational damage.
Proactive stress testing to manage macroeconomic risk, strengthen financial stability and banking
Grant Thornton worked with AUSTRAC (the federal Anti-Money Laundering regulator) to support the development of their new AML/CTF Starter Kits released this week, designed specifically for Tranche 2 sectors including lawyers, real estate professionals, accountants, and conveyancers.
The Federal Court’s $5.8M ACL decision signals a new era for privacy, cybersecurity, and governance in Australia. It reinforces that privacy and cyber obligations start Day 1 of any acquisition, governance failures will be scrutinised, and accountability cannot be outsourced. Boards must ensure robust oversight, deep cyber due diligence, and forensic incident response. With OAIC escalating regulatory enforcement, organisations face heightened legal, financial, and reputational risks.
