New Year, same problems. Cybersecurity issues continue to be the main problems industries face everywhere today. The cyber-attacks can be in the form of ransomware or malware, but the key point is, they continue to happen.
According to a study by Barracuda Networks Inc, 87% of companies faced email-based security threat in 2018. The leading provider of cloud-connected security and storage solutions conducted a study on 634 executives, individual contributors and team managers serving in IT security roles in the Americas, EMEA and APAC.
So why are cybercriminals using emails?
James Forbes-May, the Vice President of APAC Sales of Barracuda said, “Spear phishing is one of the cheapest and easiest strategy used by hackers to target companies. It takes advantage of the weakest link in an organisation’s security chain, its employees.”
He added that as employees, whenever we receive an email seemingly from an authoritative sender, which is normally a CEO or senior executive from a company, we tend to just read it and follow the instructions. When clicking on the clickbait links in these emails, a user is taken to a spoofed site requesting important credentials or even initiate a covert malware download.
The study by Barracuda showed that a third of organisations had experienced such an attack. Phished credentials allow attackers to not only get personal credentials but also go after large stores of customer data which are highly monetisable in the cybercrime underground markets or dark web.
In 2019, Barracuda sees ransomware will continue to be disruptive. One in three businesses have had ransomware attacks but this is only of the attacks that are known. A lot of organisations are still in the dark if they have been affected by ransomware or not.
Barracuda takes two steps in helping organisations deal with phishing emails. The first would be its AI solution on email protection. Email security tools can be used to scan for malicious URLs and attachments and block the email before it reaches the user. Multifactor authentication is also an effective method to stop hackers. Today, with AI, there is automated detection of spear phishing. These systems learn your organisation’s unique communication patterns to spot in real time any suspicious materials.
The second step is through training and education. Users need to know what to look for whenever they receive emails on their devices. They need to check the URLs to ensure it is legitimate. Users should also avoid clicking on these URLs especially if they are from unknown sources. When accessing a site through an email link, never share or reveal password or login information. Instead, go the site directly via your browser.
“The bottom line is, the market needs to be more vigilant. The biggest attack in any organisation is through the users.”
“Having email protection is important. But the type of protection your organisation has comes down to how important is your data? Businesses should spend on protection based on that,” Forbes-May concluded.