Why You Should Take a Holistic Approach to Email Security
Most business owners, that stay remotely on top of current business news, cannot help but have seen articles detailing the drastic rise in cyber-threats over the course of the 2020 pandemic.
Most of these take the form of email-based attacks with 96% of phishing attacks arriving by email while 3% are carried out through malicious websites and 1% via phone, the latter often called vishing (voice) and smishing (text) attacks.
According to new survey data companies are experiencing an average of 1,185 such attacks every month with 38% of respondents reporting that a staff member had fallen victim to an attack within the last year.
Some Phishing statistics that may help you protect your business
According to recent reports, the top five subject lines for “business email compromise” attacks contain the words:
· Urgent
· Request
· Important
· Payment
· Attention
The top five “types” of data that are compromised in a phishing attack are:
· Credentials (passwords, usernames, pin numbers)
· Personal data (name, address, email address)
· Internal data (sales projections, product roadmaps)
· Medical (treatment information, insurance claims)
· Bank (account numbers, credit card information)
The most common consequences/impact are:
· Nearly 60% of organizations lose data
· Nearly 50% of organizations have credentials or accounts compromised
· Nearly 50% of organizations are infected with ransomware
· Nearly 40% of organizations are infected with malware
· Nearly 35% of organizations experience financial losses
The most common ways in which a victim business is financially penalised by a successful attack are:
· Lost hours from employees
· Remediation
· Incident response
· Damaged reputation
· Lost intellectual property
· Direct monetary losses
· Compliance fines
· Lost revenue
· Legal fees
The most targeted business sectors in the 1–249 employee size-range are:
· Healthcare & Pharmaceuticals
· Education
· Manufacturing
Leaving aside for the moment Spear Phishing attacks, tailored specifically to the target business, the most common brands impersonated by phishing emails over 2020 were:
· Apple
· Netflix
· Yahoo
· PayPal
· Microsoft
· eBay
· Amazon
Who specifically are the targets?
In a word? Everyone!
Cybercriminals have become less concerned with where employees stand on the organizational depth-chart. Recent statistics showed an even split, with 56% of victims being mid-level managers, followed closely by entry-level staffers at 51% and then CEO or head of the company at 49%. This dispels the common myth that only the C-level employees are highly targeted.
What to do about it
It is more important than ever that companies provide their employees with the knowledge and tools necessary to recognize and fend off phishing attacks.
It is important to both implement protective security layers to your email systems and to be pro-active about cyber-awareness training for your staff, to best mitigate these threats.
Cyber Awareness Training
Keeping employees apprised of the ever-advancing threat landscape is paramount
Industry leading solutions, such as KnowBe4, recent winner of various “cyber-security product of the year” awards, offer a well-rounded solution by combining simulated attacks, performance reporting and targeted training and resources.
Ideally, cyber-awareness training should be implemented regularly, certainly not less than annually — to ensure that new starters are educated while existing staff are refreshed and encouraged to stay alert.
Spam filtering
A good email security solution, such as those offered by industry leader Barracuda, give employees a fighting chance by becoming the first line of defence, identifying most malicious emails, and quarantining them before staff have the option to interact at all.
Quality spam filtering can remove over 90% of malicious emails and many now integrate machine learning facilities, allowing them to stay on top of changing tactics employed by malicious actors.
Conclusion
The pandemic has brought with it many consequences, and the steep rise in cyber-attacks is just another than businesses need to contend with.
Taking a holistic approach to email security, combining system-based defences and staff training, gives a business the best chance to negotiate these stormy waters in 2021 and beyond.
Want more advice? If you would like advice on IT for your small business or start-up, get in touch.
