All businesses have unique operational processes they rely upon to handle distinct needs. Even common tasks like shipping are handled differently from company to company. But in general, the larger a business is, the more complex its processes.
Business Process Compromise is a new type of cyber attack that recently has come into focus. It specifically targets unique systems and processes and manipulates them for the attacker’s benefit. And rather than a brash warning such as is received with ransomware, BPC attacks are typically silent and have a goal of stealthily appropriating goods and/or funds over extended periods of time.
Many BPC attacks go unnoticed because employees largely ignore the workings of these processes treating them as almost automatic.
Defending against BPC requires a multi-pronged approach.
- File Integrity Monitoring should be considered for critical systems
- Regularly check system operations and compare normal activity from abnormal and possibly malicious actions.
- Regularly audit long-established processes looking for vulnerabilities as well as proper results from test data
- Ensure that your organization has implemented cybersecurity measures to protect against identified malware exploits
Everyone stay safe out there!