Introduction – the importance of email protection
Cyber crime and data breaches are now leading threats for every firm. In fact, according to some studies, many enterprises now regard this as their number one business risk, ahead of issues such as business disruption or natural disasters.
As cyber attacks are a growing and increasingly dangerous threat. According to government research, almost half of businesses in the UK (46 per cent) experienced a cyber attack in the year to March 2020. Of these, one in five experienced a material loss, such as money or data, as a direct result of the attack. Meanwhile, a further 39 per cent reported they were negatively impacted in some other way, for example requiring new measures, having staff time diverted or witnessing wider business disruption.
But while criminals use a wide variety of methods to infiltrate businesses that can cause damage, one of the most common ways of attacking firms remains via email.
Such data breaches can do great harm to firms’ reputations, lead to lost business and leave them vulnerable to sanctions under regulations such as GDPR.
Therefore, defending against these specific threats must be a priority. However, with so many ways in which these attacks can be executed, one solution isn’t enough. Instead, firms need a multilayered approach that covers all their bases, from initial blocking of suspicious emails through to an effective incident response plan.
The rising threat posed by email
There are a few reasons why hacks that rely on fraudulent or malware-infected emails are amongst the most common threats businesses face. They’re relatively easy to perform, can launch a wide range of attacks and have a reasonably high success rate, as it may only take one recipient acting carelessly for a large enterprise to become infected.
Indeed, 94 per cent of malware that arrives on a PC comes via email Meanwhile, four out of five social engineering attacks use some form of phishing, and even some of the world’s largest companies have fallen victim to cyber security incidents that use these channels.
One of the most famous examples of email as an attack vector was the Sony Pictures hack of 2014, which used phishing emails to gather employees’ login credentials, among other methods. This also shows the severe consequences of cyber attacks, including lost revenue, reputational damage and senior executives paying the price.
Small firms are also at risk
While attacks aimed at large enterprises tend to make the most headlines, this doesn’t mean they’re the only firms at risk. Small and medium-sized businesses may believe their information is not valuable enough for hackers to put the effort in, but this is far from the truth.
In fact, smaller firms can often be more tempting targets than their larger competitors. They often have fewer resources to devote to cyber security, which means their defences are less robust. Criminals may use these companies as backdoors into the systems of larger partners, for example, or look to extort money from firms that cannot afford not to pay.
For instance, in September 2020, the National Cyber Security Centre warned of a growing trend of schools and colleges being targeted by ransomware using methods such as phishing emails. These often leave victims feeling they have no choice but to give into hackers’ demands to retrieve encrypted data or prevent stolen information being publicly released.
New trends mean new threats
Recent changes in our working patterns have also made email a more lucrative target for hackers. With home working becoming more prevalent, many employees are likely to be relying more heavily on the email channel for communications with colleagues and managers.
When an employee can’t get up and speak to a coworker face-to-face to confirm a request is genuine, they may be more likely to respond to a phishing email that purports to come from their remote supervisor. Indeed, according to one study by Mimecast, impersonation fraud jumped by almost a third during the first 100 days of the coronavirus pandemic as criminals sought to take advantage of these new ways of working
At the same time, many remote employees are not taking the necessary steps to stay safe. For instance, according to a study by CybSafe, almost a quarter (23 per cent) use unauthorised devices for work tasks, which may lack essential defences such as email protection software, while only 37 per cent have received a cyber security policy that’s tailored to home working.…
Download the PDF to read the full text.
 Cyber Security Breaches Survey 2020 Verizon Data Breach Investigations Report Sony Hackers used phishing emails to breach company networks Alert Targeted ransomware attacks on uk education sector Phishing: Why Remote working is making it harder for you to spot phoney emails UK Remote workers show poor cyber security behaviours