The dangers of the inbox
Now and then, an email with a catchy subject line appears in your inbox, and you end up clicking on it, either because you’re curious or assume the sender is trustworthy. Unfortunately, this is how most cyberattacks tend to begin – with a single click. What unfolds next puts your security and the security of your business in grave danger.
Whether you clicked on a link or the unsubscribe button in the email, you would have potentially opened the floodgates to the possibility of single or multiple cyberattacks that could hold your business’ future hostage. According to Proofpoint’s Human Factor 2019 report, more than 99% of cyber attacks require human interaction to succeed. That’s why email security should be at the very top of your business’ cybersecurity concerns.
This blog will help you understand how cybercriminals use emails as their weapon of choice, which top cyber threats make their way into your inbox every day, and how you can launch a robust counterattack of your own.
The art of cyber deception
There’s a greater psychological undercurrent to cyber attacks than you might think. Cyber criminals are hitting their targets by deceiving you and making you act irresponsibly, and amid the COVID chaos, more consistently than ever before.
They are continually developing and deploying sophisticated social engineering tactics to fool unassuming recipients. “They quickly adapt and keep the number of targeted users low. This makes it really hard to detect,” explained Elie Bursztein, leader of Google’s anti-abuse research team, drawing on observations of how attackers have been updating their designs to make them more efficient. Google reported that 68% of phishing emails blocked by Gmail were new variations that were never seen before.
Cyber crime is constantly evolving to match advancements in technology. Being overconfident about your defences or underprepared is certainly not a viable stance anymore. It’s time to adopt a proactive approach rather than a reactive one to counter this deception.
Cyber threats that infiltrate your inbox regularly
Before we talk about how you can build a formidable defence against email attacks, let’s take a look at the top cyber threats that frequently make their way into your inbox and wreak havoc.
Phishing/spoofing/identity deception
Phishing involves hackers deploying various social engineering tactics to tempt users into clicking on malicious links and unwittingly giving up confidential information, such as user credentials. Hackers invest a tremendous amount of effort into assuming a trusted source’s identity, making sure that it is YOU who lets them into the system. Once they’re in, they can either install malware on your network’s systems, access and misuse sensitive data or lock your systems and demand a hefty ransom.
Data suggests that this menace is only growing stronger. Verizon’s 2020 Data Breach Investigation Report stated that 22% of all breaches in 2020 involved phishing. The fact that even well-informed users fall prey to such attacks adds to this problem. In a BullPhish ID study, it was observed that 18.6% of users who clicked on simulated phishing campaigns demonstrated a willingness to submit credentials or requested data.
Business Email Compromise (BEC) and spear phishing
In a business email compromise (BEC) scam, the attacker hacks into your business email account to impersonate employees or any of your organisation’s important leaders with the intent to defraud your company and its stakeholders into sending money or sharing sensitive data. Spear phishing works similarly wherein the attacker dupes the user by creating a façade that the malicious email originated from a trusted source.
A GreatHorn report stated that BEC attacks ballooned by nearly 100% in 2019. To get an idea about the damage a BEC scam can do to your business, take a minute to consider the massive financial and reputational loss your business would suffer if an attacker impersonated you and carried out fraudulent activities in your name.
Account takeovers
Taking identity impersonation one step further, account takeovers exploit your compromised user credentials to target both your business’ and your own financial stability and reputation. Cyber criminals can go to the extent of accessing other accounts, such as bank accounts and financial statements, to carry out fraudulent transactions. The 2020 Global Identity and Fraud Report by Experian revealed that 57% of enterprises reported higher fraud losses due to account takeovers.
Simply put, the attacker will not just target your business but also utilise it as a gateway to simultaneously exploit customer data.
Malicious malware and viruses
Although used interchangeably, malware and viruses differ on technical grounds. Malware refers to any type of malicious software, irrespective of how it works, but a virus is a specific type of malware that self-replicates after entering other programs. Nonetheless, both pose an enormous threat to your business’ IT environment.
CSO Online revealed that 92% of all malware is delivered via email. All it takes is a simple click for an attacker to access your network’s systems and plant malware or a virus.
Ransomware
A ransomware attack occurs when a hacker breaches your network’s security, encrypts your data and demands a hefty ransom to restore that data. Now imagine your business coming to a complete standstill until you pay the ransom demanded.
Investigations performed on previously confirmed ransomware attacks to date have not shown definitive evidence of theft or exposure of data, only the encryption. However, there has been a change in ransomware behaviour within the last year. These cyber bullies have changed tactics and are now claiming to EXFILTRATE COPIES of business DATA BEFORE encrypting it! They are then leveraging an additional blackmail threat to expose the data if the ransom demand is not paid.
Even if you opt to pay the ransom, you have no guarantee that the attackers will provide the means to decrypt and restore data, nor can you be sure the data will not be sold, exposed or targeted for a direct attack at some later date.
Insider threats: The human element
Insider threats are posed by individuals within your organisation or closely related to it, such as current or former employees, vendors and partners. Acting unwittingly or out of malice, they can easily let an attacker into the system, leaving all your sensitive data exposed.
In fact, according to Verizon in their 2020 Data Breach Investigation Report, over one-third of data breaches worldwide involved internal actors. An Egress study revealed that 31% of employees have mistakenly sent an email containing sensitive data to the wrong person.
Misconfigurations
Last but certainly not the least deadly, misconfigurations in your email platform can expose your network to a host of threats. For example, a misconfigured platform could allow emails to be sent without authentication. We’re pretty sure you know what would happen if a cyber criminal exploited this vulnerability and sent out emails impersonating anyone from the company’s executive level. Before you know it, you’d be knee-deep in managing a full-blown PR crisis.
It’s time to engage all defences
The time to upgrade your email security is now. Your business needs to get on the offensive with a two-pronged approach – implementing the best cybersecurity solutions and providing your employees with extensive security awareness training.
Now is the time to implement preventative solutions for endpoint security and backups, identity and access management, automated phishing defence, Dark Web monitoring and security awareness training. The team at onPlatinum can walk you through the best practices that will hold you in good stead for the future.
Let’s talk about them today.