Is Your Organization Doing Enough To Reduce Risk From Email Cyber Attacks?
With email forming the backbone of communication for any business in today’s times, we clearly live in the “era of the email”. According to Statista, in 2018 roughly 281 billion emails were sent and received per day worldwide, and the figure is expected to increase to over 333 billion emails by 2022. Unfortunately, we also live in the era of viruses, malware attacks and cybersecurity threats. And emails are used as one of the most common delivery methods of cybersecurity vulnerabilities, given the wide reach of emails. In fact, 66 percent of the MSPs worldwide indicated that spam and phishing emails were the most common cause of ransomware infection in 2018.
So, the question arises, “Is your organization doing enough for email threat protection?” And by that we don’t mean just having the security provided by your email provider because that is not enough. By now you are already aware of the scale at which email threats are growing but what makes things worse is the sophistication of these threats. It could be an email (supposedly) from your CEO asking for bank details of all employees or asking you to buy twenty $50 apple gift cards and sending him the codes as he is at an important conference (that your organization has been posting about on social media) or an email from your bank asking you to reset your login credentials as your account has been locked. To an unassuming, unaware and untrained employee such an email might not seem out of the ordinary. But responding to it might result in your organization being a part of the 44 percent organizations that become victims of ransomware attacks.
Now that we have established the importance of email threat protection, let’s talk about what really needs protection when it comes to an email:
- Secure Email Gateway – Anti-spam and anti-virus softwares prevent only 60 percent of spam or malware emails leaving your organization vulnerable to more sophisticated and targeted attacks.
- URLs – Every other email we receive these days has links. And when those links have well-researched, industry relevant and catchy text employees become highly susceptible to clicking on them.
- Attachments – Say for instance you got an email from a known person within or outside of your organization and the email has an attachment. How likely are you to open and check it?
- Impersonation – Going back to the example of the email from your CEO, cybercriminals often build trust by impersonating people from within the organization- C level executives, your boss or a colleague – and once the employees lowers their guard, they extract sensitive information or money (gift cards, credit card details, wire transfer).
- Internal Emails – Using internal emails to spread threats and span is becoming an increasing common practice among cyber attackers because untrained and unaware employees are less likely to suspect such emails.
Being IT experts doesn’t make us any less vulnerable to email security threats. In fact, ECHO gets multiple phishing emails every day, but we believe in being proactive about email treat protection instead of reactive. Our email security partner of choice is Mimecast. Mimecast not only offers email security, continuity and archiving products but is considered by many, including Gartner, to be best-of-breed in these areas.
While we use and implement (for ourselves and our clients) all the above Mimecast services, it is mailbox continuity which has had the most impact with clients. Imagine if there was a sudden email outage and nobody in your organization could send or receive emails for a few hours or an entire day. It would be a nightmare, wouldn’t it? Need to know how you can avoid such a situation? Look out for ECHO’s soon to-be-released blog on Email Continuity and its impact. Looking to evaluate your organization’s email threat protection needs? ECHO can help.