What is an Email-Borne Attack?
An email attack occurs when an email is used in an attempt to cause damage or harm to either an individual or an organization.
The most common form of email-borne attack is called ‘phishing’.
What is Phishing?
Phishing is a type of attack that’s often used to steal user data, including login credentials and to implant malicious malware on a victim’s computer. The malware could be a virus, a backdoor or ransomware. Phishing occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email and/or clicking on a link or attachment.
Phishing has increased exponentially in 2020:
- 58% of organisation saw phishing attacks increase
- 30% jump in impersonation from January to April 2020
- 60% of respondents’ organizations were hit by an attack spread from an infected user to other employees
What is Malware/Ransomware?
The term ‘malware’ refers to malicious software that damages devices, steals data, and causes chaos.
The most common cause of malware is:
- Virus: Many viruses are harmful and can destroy data, slow down system resources, and log keystrokes.
- Backdoor: A backdoor, is a type of malware that manages to bypass security restrictions to gain unauthorized remote access to a computer.
- Ransomware: Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key.
Did you know? 51% of organisations have been impacted by ransomware in the past 12 months.
What is The Big Deal & Why Should You be Concerned?
The costs implications (let alone the reputational damage – which can’t be measured) involved in an email-borne attack can be catastrophic for an organisation to the point that possible business closure can (and does) occur.
Fraud, system downtime, loss of staff productivity, loss of data, leaked/compromised data, regulator fines and reputational damage should concern all organisations of all sizes.
The costs implications to organisations have been severe:
- 82% have experienced downtime from an attack
- 3 days of downtime on average when hit with a ransomware attack
- 60% experienced an increase in impersonation fraud in the last year
- 31% of respondents experienced data loss
- 31% impact to employee productivity
How Can I Prevent This Attack From Happening in My Organisation?
Security measures such as spam filters, firewalls and Anti-virus software although good to have, is unfortunately obsolete. 73% of hackers said traditional firewall and antivirus security is irrelevant or obsolete.
The best form of preventing this type of attack is:
- End User Training: The end user is not only the last line of defense but the most effective defense. Training the end user through security awareness training is key in preventing this form of attack.
- End User Testing: Although training the end user on a regular basis is good, it’s unfortunately not enough. The end user needs to be tested on a regular basis via a phishing simulation program in order for the training to be effective.
Phishing simulation programs help protect your organization by exposing employees to fake phishing emails and seeing how they react. When phish testing is used in conjunction with end user training, phishing simulation technology can help you get a read on the effectiveness of your IT security awareness efforts.
- 55% of organisations do not provide awareness training on a frequent basis
- 21% of organisations offer training on a monthly basis – a timeframe experts consider the gold standard.
- 17% of staff are only trained once per year.
How can we Help You?
We can offer you a complimentary phishing simulation to your organisation to provide a free Proof of Concept (POC) on your organisations resilience to email-borne attacks. Furthermore, we offer security awareness training to all staff on a regular basis, with specific focus on the staff that have fallen victim to our phishing exercise.
Kindly contact us to request your complimentary phishing simulation to avoid falling victim to a cyber attack and one of our friendly consultants will get in touch with you.