Cyber criminals stole more than $3 billion over the last three years through Business Email Compromise (BEC) scams. Those scams targeted small and mid-size businesses (SMBs), in particular. According to the recently published Internet Security Threat Report (ISTR) from Symantec, email emerged as the weapon of choice for cyber-attacks in 2016. Sadly, while one in 220 emails contained malware in 2015, that rate increased to one in 131 emails in 2016.
Attackers now favor spear-phishing email campaigns that target specific individuals, organizations or businesses. The highest rate of phishing emerged in companies with between 251 and 500 employees. With spamming operations now professionalized, malware authors often outsource their spam campaigns to highly organized groups.
Cyber criminals use several general tactics to spread malware and ransomware. A favorite method involves disguising malicious emails as routine correspondence, as we saw in the 2016 U.S. presidential election.
In March 2016, an email that appeared to originate from an official Gmail account was delivered to the account of Hillary Clinton’s campaign chairman, John Podesta. The email suggested that his account had been compromised and instructed him to reset his password. As we now know, the victim unknowingly clicked a malicious URL and delivered the password to the attackers.
Most businesses receive thousands of emails each day. With increasingly sophisticated and targeted attacks, it can prove difficult to recognize malicious emails. More and more often, cleverly disguised emails use social engineering, relying on human interaction to trick users into breaking security protocols.
Increased email security is necessary to help businesses guard against common social engineering tactics, such as:
Emailed malware typically follows this basic process:
Savvy users have already adopted simple email security measures such as immediately deleting vague emails and not clicking on attachments unless they come from a trusted source. As attackers employ greater sophistication, businesses need to build more sophisticated defenses.
Some basic, but powerful, email security measures you may not have implemented:
Most importantly, invest in multi-layer email security. A comprehensive security system is critical to protecting your business from malicious cyber-attacks. With commercial-grade security equipment and automatic updates to guard against the latest threats, you gain both peace of mind and enhanced productivity.