← Back to services // Defensive

BEC cyber exercise

Test your resilience to email fraud in Microsoft 365

€5000 fixed price Schedule an intake

Business Email Compromise (BEC) hits many companies. With a BEC cyber exercise we simulate a real incident in your Microsoft 365 environment along the full kill chain. We see how far we get, whether you detect it, and how your organisation responds.

Business Email Compromise (BEC) is one of the most damaging forms of cybercrime for businesses. An attacker poses as someone your organisation trusts, often a director, manager or regular supplier, and uses that credibility to extract money or information. It happens to a lot of companies, and smaller and mid-sized businesses in particular turn out to be vulnerable.

The scenarios vary, but you probably recognise them:

  • "Can you pay this invoice quickly? It's urgent." A rush payment that slips just outside the normal procedure.
  • A changed account number on an otherwise legitimate invoice from a known supplier.
  • A request to share confidential information or documents, seemingly from someone with authority.
  • A compromised mailbox that follows ongoing conversations and strikes at exactly the right moment.

The end result is almost always the same: a payment that disappears to the wrong account, or sensitive data that ends up in the open.

From whitepaper to practice

The Dutch NCSC published a technical advisory on BEC that sets out exactly how these attacks generally unfold, phase by phase, from gathering information to the final financial theft. That whitepaper describes the techniques and the measures you can take against them.

That advisory did not come out of nowhere: the NCSC produced it together with several specialised security companies, including our own Attic Security. We helped write the very knowledge this exercise is based on, and we know these attacks from the inside rather than just from theory.

Reading a document is one thing. Knowing whether your organisation is actually resilient in practice is something else entirely. That is where our BEC cyber exercise comes in: we simulate a real incident and apply exactly those techniques in your own environment. We see how far we get, whether it is detected, and how your organisation responds.

Along the whole kill chain

The attack runs along a fixed kill chain, a sequence of phases an attacker goes through. Together with you we walk through those phases and look at how far we can find the techniques, vulnerabilities and weak spots in your processes. For each phase we test not only the technology, but also the human and procedural side: how does your organisation respond when something goes wrong?

Click a phase to see which techniques and measures belong to it in the technical advisory:

In concrete terms this means we:

  • replicate the techniques from the BEC advisory in a controlled way in your Microsoft 365 environment;
  • test whether your defences detect the attack, and at which point in the kill chain;
  • look at how your incident response works in practice, from first signal to follow-up;
  • map the weak spots in both technology and processes;
  • give you a concrete picture of where your resilience falls short and what is needed to improve it.

Methodology

1

Intake & scope

We agree which techniques we use and which part of your Microsoft 365 environment we test.

2

Simulation along the kill chain

We replicate the BEC techniques in a controlled way in your environment, phase by phase.

3

Measuring detection & response

We check whether and when you detect the attack and how your incident response works in practice.

4

Reporting & advice

You get a concrete picture of the weak spots in both technology and processes, with recommendations to improve them.

Frequently asked questions

Is the exercise safe for our production environment?

Yes. We run the techniques in a controlled, pre-agreed way. The goal is to test and learn, not to cause damage.

What do we get as a deliverable?

A report with findings per kill chain phase: which techniques we could execute, what was and was not detected, how your organisation responded, and concrete recommendations for technology and processes.

Who is this for?

For organisations using Microsoft 365 (Outlook). Smaller and mid-sized companies in particular turn out to be vulnerable to BEC and benefit most from this exercise.

What does a BEC cyber exercise cost?

The exercise has a fixed price of 5,000 euro. No hourly billing and no open end, so you know in advance where you stand.

Schedule a meeting directly

Pick a time that suits you and we will discuss how we set this service up for your environment. Prefer email? Send us a message.

info@zolder.io

Booking tool blocked

The HubSpot booking tool sets marketing cookies. Accept marketing cookies to schedule a meeting, or email us directly.