Toyota has not presented a great level of detail about how this BEC scam took place, but based on our experience, it probably happened like this;
Whether it's a $37M transfer from a global provider of car parts, a $2M payment by a church to a construction company, or a $1.7M hit taken by a county government, the loss can be devastating. The Toyota subsidiary has acknowledged that they may need to alter their earnings estimates, unless they can recoup any of the losses.
What steps can you take to make sure that your organization doesn't get hit with business email compromise? First, your entire organization, from CEO all the way down, should go through annual security awareness training. A good training session will cover the current threats, how to spot them, and how to avoid them. There are even tools on the market which can be used to test which of your employees present the biggest risk to your corporate IT security.
Secondly, when it comes to BEC, you should have a corporate hierarchy in place that makes it so that no one person controls the keys to the castle, so to speak. If funds are being wired or bank routing information is changing, there need to be checks and balances in place.
Thirdly, your organization should be using multifactor authentication (MFA) to access your email accounts and your corporate network. Yes, it's an additional step in logging on, but it stands to save you millions in the long run.
For more information on BEC, security awareness training, or multifactor authentication, call Ashton Technology Solutions at 216 397-4080.