EXECUTIVE BRIEF: WHY ADVANCED THREATS DEMAND ADVANCED EMAIL SECURITY
Email usage continues to increase
Regardless of the proliferation of text and social media, email communication is still growing strong. According to a recent study by the Radicati Group, the total volume of worldwide emails sent and received reached 205 billion per day, with this volume projected to increase by at least 5% every year. And, this fact is not lost upon hackers, who are constantly seeking opportunities to exploit organizations. (The Radicati Group, Inc., Email Statistics Report, 2015-2019 )
Anatomy of an email attack:
• A CFO gets an email from the CEO authorizing an emergency fund transfer. But the email is actually from a cybercriminal.
• An employee with administrative rights to key systems receives an urgent email from IT to update their network password. They actually disclose their password to cybercriminals.
• An employee receives an email to read an important attachment about their benefits provider. When they open the attachment, they unknowingly activate hidden Trojan malware.
E-mail threats organizations face today
Emails offer hackers a vehicle to deliver a variety of vulnerabilities to an organization. Some of the more common email-borne threats include:
Malware – email is one of the top delivery mechanisms to distribute known & unknown malware, which are typically embedded into email attachments in hopes that the attachment will be opened or downloaded onto a computer or network, thereby allowing hackers to gain access to resources, steal data, or crash systems.
Ransomware – one particularly nefarious malware variant is ransomware. Once the email attachment is activated, the code embeds itself on a network and ransomware typically encrypts or locks critical files and systems. The hackers then coerce the organization to pay an extortion fee in order to have the files or systems un-encrypted or unlocked.
Phishing – this common hacker tactic utilizes emails with embedded links to hacker sites. When gullible users visit these sites, they’re prompted to enter PII (Personably Identifiable Information) that is in turn used to steal identities, compromise corporate data, or access other critical systems.
Spear Phishing / Whaling – in this variant of phishing, key IT/networking individuals or company execs are targeted using malware-laced emails appearing to come from a trusted source, in efforts to gain access to internal systems & data.
Business Email Compromise / CEO Fraud / Impostor email – Over the past two years, Business Email Compromise (BEC) schemes have caused at least $3.1 billion in total losses to approximately 22,000 enterprises around the world, according to the latest figures from the FBI1. The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments.
Spam – emails are used to deliver spam or unsolicited messages, which can clog inboxes and network resources, diminish businesses productivity, and increase operational costs.
Outbound Email Hijacking – corporations are also subject to corporate policies and government regulations, which hold businesses accountable for their outgoing emails and ensuring they protect their customer’s PII. Zombie attacks and IP hi-jacking can disseminate customer PII, ruining the reputation of a business.
Emails communications are essential to organizations today, something hackers are keenly aware of. Given today’s complex, mature threats, it’s tantamount that organizations deploy a multi-layered security solution that includes dedicated, leading-edge, email protection. To effectively combat today’s emerging threats, organizations are well-advised to implement a next-generation email security management solution that provides fundamental email protection. To learn more about ways to protect your organization’s emails. What your next-gen multi-layered security needs to stop advanced threats. (www.ic3.gov/media/2016/160614.aspx )
About SkyPort IT, Inc
SkyPort IT promises a relentless focus on data security and regulatory compliance so our clients can focus on their business by using best practices and best-in-class technology to proactively design, deploy, and protect clients’ IT infrastructure and data. Why Managed Security Services? Visit: www.skyport-it.com for the answer or for a free consult call us at 585-582-1600 or email SecureMe@skyport-it.com