Business Email Compromise (BEC) remains a critical threat to the Dutch economy, often bypassing traditional security measures with ease. This session provides an exclusive technical deep dive into the upcoming BEC defensive standard developed under the Cyclotron program—a high-maturity public-private partnership between the NCSC and industry experts, including Attic Security.As a co-author of this forthcoming whitepaper, I will break down the BEC attack chain using the MITRE ATT&CK framework. We move beyond basic awareness to explore 13 critical phases, from reconnaissance to financial impact. The presentation focuses on high-impact technical countermeasures: implementing phishing-resistant MFA to stop session hijacking, disabling risky Direct Send configurations, and automating the detection of configuration drift. Attendees gain an exclusive look at how Cyclotron translates complex threat intelligence into a new actionable technical standard for Dutch organizations.
