You know the drill. An email pops into your account from “HMRC”, your bank, Amazon’s “CustomerCare” or another familiar company. The sender format is identical to something you would associate with such recognisable organisations, but you smell a rat. Yep, it’s another phishing scam waiting for you to take their bait and click on a link. Report, delete and you’ve dodged another bullet from the murky world of cyberattacks.
Attackers are after more than just your money. Many want to get their hands on corporate data, credentials and other valuable intellectual property, or to take your business offline, put your system into lockdown or just destroy your good reputation. Of course, you may be more conscious of scams as an IT professional, but can you say the same for every department in your company? Every staff member, freelancer or contractor?
Attacks like Petya and WannaCry are preventable with the right strategy in place to protect your organisation. The world is changing so rapidly that the days of just having basic antivirus software running are gone. It’s time to start thinking holistically about protecting your business operation and implementing a cyber resilience strategy to safeguard against email-borne threats and mitigate risk.
But why email? The goal of most cybercriminals is to get in and around your organisation as quickly and quietly as possible, and email is a very effective way to do so. In the vast majority of cases, mostly without their knowledge or understanding, your staff play an integral role in these attacks. According to the Verizon Data Breach Investigations Report 2018, 99% of malware, such as ransomware, was delivered via malicious email attachments or via the web.
Many organisations think their current email security systems are up to the task of protecting them. Unfortunately, traditional email security strategies fall short and do not keep organisations safe. Helen Rabe, Head of Information Security - Strategy, Risk and Compliance at Costa Coffee, said at the 2017 RSA conference in California: “Cyber resilience is not taken seriously enough, despite the published evidence identifying the growing impact of cyber risk. There is a notable gap between perception and reality when it comes to the impacts of poor cyber resilience planning.”
How about you? Does your organisation think cyber secure, or cyber resilient? Do you respond to an outage crisis, or prevent it from the beginning? Is it time to rethink?