The Latest Threats to Email Security
Understand the latest trends, signals for attacks, and the value of email security as a key element of your organization's security programs.
Articles published October 24, 2018 by Bob Bally
Updated February 2021
Today, our personal and professional inboxes alike are flooded with emails. On top of the emails we get that are simply not relevant, there’s also the ever-present potential of fraudulent emails, like phishing and spam, which try to trick you into clicking on malicious content or sharing personal information. Given the increase in remote work and, consequently, electronic communication, these types of email threats present an especially serious concern for businesses.
Unfortunately, these kinds of attacks are gaining in popularity. And the consequences are costly, both in terms of credibility as well as data and financial loss.
BakerHostetler’s 2020 Data Security Incident Response Report identifies phishing as the number one cybercrime experienced by U.S. businesses, causing 38 percent of business data security incidents in 2019.
And according to the FBI’s Internet Crime Report, Business Email Compromise, or BEC, scams are increasing. In 2019 BEC scams cost businesses more than $1.7 billion.
Business Email Compromise on the Rise
Scam emails are nothing new, but the methods scammers are using are getting more sophisticated. According to Mimecast’s Email Security Report, impersonation fraud increased a whopping 30 percent in the first 100 days of the COVID-19 Pandemic.
Through social engineering or intrusion, bad actors can send impersonation fraud emails mimicking legitimate business correspondence requesting sensitive information or the transfer of funds. Be on the lookout for requests for money, whether through sending gift cards, wiring funds to an account, or even getting payroll information changed. If an email from a supposedly safe contact seems suspicious, follow up with that individual via phone call or in person to confirm the authenticity.
Phishing and impersonation emails are often able to go undetected by spam filters and anti-virus software. That’s why employee security training is an essential component of your organization’s overall cyber security strategy.
Most Popular Kinds of Cyber Attacks
While phishing, malware, and spam are some of the most common types of email threats, other cyber attacks, including DDoS and ransomware, can be equally devastating. According to the Mimecast report, nearly 51 percent of organizations experienced ransomware attacks in 2020, and, on average, experienced 3 days of downtime as a result of those attacks.
In all instances of email threats, corporate inboxes are more heavily targeted than personal inboxes. This is not surprising given the possible outcomes of infiltrating a business versus an individual, yet serves as a reminder of the importance of organization-wide training and sophisticated detection and prevention methods to keep your business safe.
Targeted Cyber Attacks by Industry
While it is important for businesses of all sizes and in all industries to remain vigilant, the Keepnet 2020 Phishing Trends report identified the business sectors most likely to fall prey to fraudulent emails as Apparel & Accessories, Consulting, Securities & Commodity Exchanges, Education, and Conglomerates.
Across industries, the Keepnet report also found:
- 1 in 2 employees are likely to open phishing emails
- 1 in 3 employees are likely to click a link in a phishing email
- 1 in 8 employees are likely to share data or other sensitive information in response to a phishing email
So how are you going to keep your organization safe from malicious emails?
How to Keep Your Organization Protected
Ensuring you have a protected network in place and keeping your organization updated on the latest email threats are both important layers in your organization’s overall security. However, there are two other effective ways to educate your employees and reduce your risk of a breach.
Social Engineering Assessment
As we’ve seen, one of the most common inroads for fraudulent emails is social engineering. One way to ensure your organization is protected from social engineering attacks is to leverage an external social engineering assessment. The assessment will include a series of tests to see how easy it is to gain access to company networks and data. These tests are done to determine how and where an organization is vulnerable to attacks.
After the assessment is completed, you can take the necessary steps to mitigate exposure to many of the most common types of cyberattacks. In addition, your organization should communicate to employees how to make their workplace more secure and reiterate the information through regular training sessions.
Security Awareness Training
Another way to help prevent breaches is to make sure all employees are aware of the different ways that hackers try to manipulate them and access data. Mandatory and regular security awareness training will be a huge benefit over time. Effective security training, put on by your IT department or managed IT services provider, will discuss not only the different kinds of cyber and social engineering attacks but also how to thwart those attacks. Give concrete examples of actual threats, and possibly set up a test/false attack to identify employee behaviors and what additional training might be needed based on the outcomes.
For better success in thwarting email threats, host security training quarterly or even monthly. Cyber threats are constantly evolving, and by keeping your employees alert and up-to-date, you can better protect your organization.
Stay Safe from Email Threats
Whatever your organization decides to do, it’s important to stay current on trends and continually adapt your business practices to counter new processes and types of attacks. Ultimately, your investment of time and resources will prove invaluable if, and when, cyber criminals try to infiltrate your network. Keeping your employee and business data secure through the right education and tools will set you up for safety, security, and success today and in the future.