What if you could invest in just one cybersecurity tool that would combat 91% of cyberattacks targeting your business today? Well, according to a study two months ago, 91% of cyberattacks are implemented by phishing emails. Sounds like a managed email security solution is definitely worth the investment.
Phishing Attacks Have Come a Long Way
It might seem astounding that so many people continue to fall for phishing attacks in their email inbox. A dozen years ago or so, phishing emails were commonly associated with the infamous Nigerian phishing scams that would incessantlyattempt to involve gullible users in their bank transfer scam. For experienced users, these emails were seen as highly amusing with their blaring misspellings and rampant grammatical errors. The tall tale of the rich monarch who had chosen you of all people to help him move his royal wealth in return for a handsome fee was audacious and comical. That was then. Today, phishing attacks are no laughing matter!
Less than two years ago, the Mattel Corporation fell victim to a $3 million phishing scam that was brilliantly conceived and flawlessly executed. Mattel had just hired a new CEO after the dismissal of their previous one due to a less than lackluster sales performance. A finance executive received an email request from the new CEO requesting a routine funds transfer to a new vendor in China. Wanting to please the new boss, the executive issued the transfer to the Bank of Wenzhou, in China. By the time the scam was found out hours later, the funds had been withdrawn. The biggest and the brightest have fallen for these types of email scams and the penalty of doing so can be enormous.
Email is the Primary Delivery Method for Ransomware
Ransomware stole many headlines in 2017 in addition to the money that was stolen in attacks. Ransomware became a $1 billion dollar industry in 2017 according to the FBI. Because this new form of cyber extortion works so well, hackers continue to pour resources into advancing their attack strategies. Last year, ransomware grew by 250% over the year prior. Estimates are that ransomware attacks cost business more than $5 billion in damages. This includes ransom payments, cost of cleanup and lost data. On average, small businesses paid $1,400 to retrieve the decryption keys necessary to recover their data. January 2018 saw its first publicized ransomware attack. The victim was a Hospital in Indiana that was forced to pay $55,000 in order to return to normal operations.
Email continues to be the preferred delivery mechanism for ransomware. According to a report in June of 2016, 93% of all phishing attacks carried some sort of ransomware. These phishing emails are designed to entice users to either click an embedded link that will open a web connection to download a malware payload or open a malware-infected attachment. Once deployed to the user’s desktop, the malware will then begin scouting the local network for targeted file types. Once your files are encrypted, they are inaccessible without the decryption key held by the perpetrators of the attack. Sometimes these attacks are carefully targeted at a business. In other cases, the attacks are blindly sent out over the Internet in tsunami like fashion. One such attack back last summer involved 23 million emails.
Business Email Compromise Attacks
The mentioned incident of the Mattel Corporation is a classic example of a Business Email Compromise (BEC) attack. In some cases, these attacks are generic such as the W2 BEC attacks that have been regularly launched for the past two years during tax time in which an “administrator” emails the HR department for copies of the W2 forms for all employees. In most cases however, BEC attacks are highly specialized. Cyber criminals hack into a company’s email system and then monitor the company for what can be months in duration. They learn how targeted executives or administrators phrase their emails and learn the culture of the organization and when employees are the busiest. Once fully educated, they then make their onetime strike, requesting a transfer of funds to be made to a wired account. As in the Mattel case, these attacks can garner millions of dollars in a single attack. Estimates are that BEC attacks will cost companies more than $9 billion in 2018.
Email Security and your MSP
A simple generic spam filter will no longer fully protect you today from email attacks. A managed services provider (MSP) can offer you the advanced email security services you need to secure your business without having to invest precious capital in a hardware-based system. Just as important, an MSP has the trained staff to manage your email security and offer assistance in determining the risk of emails that you may deliberating about. An MSP is your cybersecurity partner, protecting your assets on a 24/7 basis.