Ransomware Insights and How You Can Prepare Your SMB
Since its inception in the early days of the Internet, email has remained the go-to form of electronic communication for organisations and private individuals worldwide. With the large-scale adoption of email, cybercriminals have seen an opportunity to extract money and data from unsuspecting recipients, install malicious software on unprotected endpoints, and take advantage of unsuspecting victims.
Email security should be front and centre of any organisation’s cybersecurity plan. According to a 2019 Verizon report, 94% of global malware attacks originated from an email, with over half being financial.
It’s no longer appropriate to rely solely on employees to be conscientious – be they office-based or remote workers. Organisations need to adopt a robust, managed email security platform to protect their money, assets, data and customer relationships.
We’re going to look at why email security is so important in the modern workplace by exploring some of the main forms of attack and providing some practical advice on how to protect your network best.
The Main Forms of Email Attacks
A ‘phishing’ attack occurs when a cybercriminal sends an email impersonating a trusted source such as a colleague or well-known brand, with the intention of the email recipient clicking a malicious link or downloading a piece of malware.
Once the employee has opened a link or downloaded an attachment, embedded code deploys malware to the affected device that extracts information and propagates itself over a network and onto the rest of the organisations endpoints and data.
Without the proper training, phishing attacks can often be difficult to detect. Therefore, Employees should be on the lookout for the following:
- Poor email composition that doesn’t match-up with company standard email formatting.
- Links or attachments that require a user to enter any form of login credentials – users will often try to use their default domain credentials, which are then captured and used to gain access to a corporate network.
- Suspect URLs that on first glance appear legitimate but contain spelling anomalies and random characters such as a full-stop, or a forward slash.
- Links to documents on cloud storage platforms such as Google Drive or Dropbox.
Derivatives of phishing attacks also involve so-called ‘spear phishing’ attacks – an advanced intrusion method that involves the hacker obtaining hyper-specific information pertaining to a person’s job in an effort to appear legitimate, including work extension numbers, the names and job roles of their fellow team members and general company news.
‘Whaling’ occurs whenever a hacker directly impersonates a member of an organisation’s senior management team in an email – usually a high-ranking C-Suite employee such as a CEO or a CFO – in an effort to either be sent money, or to get users to access a malicious link or file.
By taking advantage of employment information posed to social media accounts – job roles, employment history, office locations etc. – criminals are able to craft emails that appear 100% legitimate to low ranking staff, who feel duty-bound to carry out the request.
Whaling attacks are often prevented by staff being mindful of the fact that the individual in question has never contacted them before, nor would they do so directly for such a request. Such attacks are also usually linked to a personal email address that doesn’t stand up to scrutiny.
The Consequences of an Email Attack
Most commercial cybercrime is conceived with the end goal of extracting money from the victim. ‘Ransomware’ attacks are a particularly destructive form of intrusion that involves a hacker deploying malware on a network that encrypts all the data it encounters. Criminals then sell the encryption key back to the company for a small fortune.
Take a moment to think about what would happen if you were immediately rendered unable to trade. Even with a comprehensive Backup and Disaster Recovery plan to fall back on, companies stand to lose weeks or even months’ worth of potential revenue as data is recovered and restored across their network.
Regardless of what sector you work in, if your clients’ information is compromised as the result of an intrusion, it can lead to some pretty difficult phone calls. Whilst some of your customers may be understanding, there is undoubtedly a sizeable proportion that would not take too kindly to be informed that their bank account details have been exposed to international criminals, to do with as they please.
Modern cyber insurance policies usually cover the cost of defending yourself against a claim from a client in the event of a GDPR breach, but it is impossible to quantify the damage a successful email attack does to your brand among both current and prospective clients.
Advanced Email Security
Businesses should be continually mindful of the importance of email security – both in the ways in which they train their staff to recognise intrusion attempts, and the countermeasures they deploy on their network to combat such attacks.
Fortunately, the cybersecurity industry has largely kept in step with the ways in which hackers attempt to access a network via email. Most cybersecurity companies and IT support providers offer a product called Advanced Email Security, which performs the following functions:
- Scans incoming messages to flag up suspect files and links.
- Immediately halts the transfer of emails that claim to be sent from within your company’s domain but originate outside of it.
- Provides a secure space for quarantining suspect messages.
Email Security platforms are centrally managed by your IT staff or Managed Service Provider (MSP), easy to deploy (often simply a case of registering each email address and re-pointing external traffic to deliver email to the security platform first, rather than directly to your staff), cost-effective and easy to manage. Staff even have the option to administer their own whitelist and blacklist of legitimate or unwanted emails.
Email security should be of paramount importance to businesses of all shapes and sizes. Intrusions can and do happen, even within huge multinational organisations with multi-million security budgets, so there’s a lot to consider, but try to keep in mind these few simple tips:
- Engage with the experts and deploy an Advanced Email Security platform.
- Train your staff to be mistrustful of suspect information, regardless of where it claims to originate from.
- Operate a robust and far-reaching Backup and Disaster Recovery plan that covers all your data in the event of an attack.
- Consider purchasing a cyber insurance policy that covers reputational and financial damage.
Would you like to learn more?
Let us know what you would like to hear about from our Cybersecurity experts.
Identity management solutions can be advantageous to Managed Service Providers, along with the benefits it can deliver to their customers