Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

...organisations need to start using 2-factor authentication for wire transfers. Give each financially authorised company officer an RSA SecurID or similar, and have them authenticate before transactions are approved. Or am I missing something?

What you're missing is that the sort of broken organisations* that fall victim to BEC scams, by definition, don't know that such things are happening or that they're in danger from them. Sure, 2FA could break the kill chain, but so could any number of other, non-technical controls. The problem isn't that there's no way to prevent this happening, it's that the victim orgs don't know or care about them until it's too late.

* "organisation" as a movable feast -- the accounts payable team can be considered "an organisation"