Share this
Ohio State Auditor Warns To Stay Vigilant Amidst Rise in BEC Schemes

Ohio State Auditor Warns To Stay Vigilant Amidst Rise in BEC Schemes

While the importance of cybersecurity is consistently a growing topic of conversation among individuals and business alike, cyber criminals are always finding new ways to pull off their fraudulent schemes. Ohio governments, in particular, have experienced a rise in spear phishing attacks known as payment “re-direct” and business email compromise (BEC) schemes.

So much so that the Ohio Auditor of State’s Office recently published a new bulletin (2024-003) focused on educating government and public employees, as well as sharing some expectations which even include negative outcomes for those employees seen as liable or negligent. These new standards and expectations were rolled out with the hope that shared responsibility will encourage vigilance and greater interest in preventing these crimes.

Clark Schaefer Hackett and Clark Schaefer Consulting have deep expertise within IT risk and cybersecurity, and are committed to helping our clients protect what matters most. Read on to discover some of the latest trends in spear phishing, and learn about the role you can play in prevention.

What is Spear Phishing and Why is It so Tough to Identify?

Spear Phishing is a targeted attack which is tailored to the recipient. Typically, an email is sent to an individual with the goal of deceiving them into taking an action, such as clicking on a link or attachment and even sending funds or payments to a compromised bank account. These emails can appear to come from a trusted vendor, financial institution, or even another member of their own organization. But it’s not solely isolated to emails - it’s also very common for these same schemes to occur over telephone or physical paper requests.

Cyber criminals are smart, and they are constantly trying to gain additional information about their victims which can then be leveraged to legitimize their illegitimate requests. Just as it sounds, spear phishing is a customized attack which is designed and tailored to the recipient.

Where Does the Blame Lie?

The increasing frequency of successful attacks with significant financial losses has led to greater responsibility from those with boots on the ground. Specifically in the state of Ohio, the State Auditor has made it crystal clear that actions viewed as negligent can leave employees held liable.

The message is clear that responsibility is shared and vigilance is an expectation.

How to Prevent Business Email Compromise

The cybersecurity game changes every day and let’s face it, there are no rules. The best you can do is stay alert, become educated and leverage a trusted partner to help you maintain best practices. Our team of best-in-class IT and cybersecurity professionals will help you get ahead of a mishap and ensure that you are doing all you can to avoid falling victim to cyber criminals.

Contact us today to discuss how we can partner with your organization. Interested in reading the full bulletin issued by the Ohio Auditor of State? Click here.

Carly Devlin

Shareholder, Chief Information Security Officer
Carly is a highly accomplished professional, currently serving as a Shareholder and the Chief Information Security Officer at Clark Schaefer Hackett. Her primary responsibility is to lead the firm's IT Risk and Cybersecurity consulting practice.

Brian Mosier

Shareholder
Brian has extensive knowledge and experience in performing and managing audit engagements under the requirements of GAGAS and the Uniform Guidance.
You may also like