It's a human issue when it comes to email security.
by Benjamin B. EmailAuth
Phishing is the underlying cause of 32% of security breaches, according to research. Email is the most common point of entry for malware, providing access in 94 percent of cases.
Just last week, the UK government's Cyber Security Breaches Survey revealed that this worrying trend has not changed: 91% of big organizations are most likely to report phishing attacks as the source of a data breach, up from 72% to 83% in the previous four years. Meanwhile, reports of other threats, such as computer viruses, have significantly decreased.
Regardless of whether anti-malware software, firewalls, Sender Policy Framework (SPF), or Domain-based Message Authentication, Reporting, and Conformance (DMARC) solutions are in place, phishing emails are reaching organizations and individuals at an unprecedented rate, causing more consistently damaging impacts than many other security threats combined. Due to the severity of certain phishing attacks and the scale of the businesses attacked, they have even made headlines.
FatFace recently paid a $2 million ransom after cybercriminals infiltrated their network via a phishing email, harvesting 200GB of data, including workers' bank account information. The original ransom of $8 million would have essentially put the shop out of business, as it was only making 25% of its usual revenue due to the pandemic. This should act as a chilling reminder of the devastating effects that poor email hygiene can have on businesses of all sizes.
So, what is the solution for companies like FatFace, or for people who are desperate to avoid being victims of this level of cybercrime? In the end, bolstering email security requires finding a balance between defensive technology and adequate employee training.
Even if a firm has the most secure defensive system in place, it will still be vulnerable unless it has a company-wide security-first attitude and a thorough awareness of threats and vulnerabilities.
Fostering a culture of training and education
When it comes to evaluating cyber defenses, culture is a significant issue: a recent poll found that 65 percent of firms that did not deploy a zero-trust security approach declined to do so because it did not fit with their company culture.
However, in defending a company's IT infrastructure, a security-first attitude is becoming increasingly vital, and organizations must examine whether their culture prioritizes security or cultivates vulnerabilities. If they aren't completely revamping their security posture with a framework like zero trust, businesses should at the very least be regularly training and counseling their employees on how to identify and react to a malicious email.
Adequate cybersecurity training and awareness should include outsourced white hat hacking and phishing campaigns that mimic real-world assaults, to teach employees what they are doing wrong and how to distinguish between a dangerous and a safe email in the future. Importantly, when workers spot and report questionable conduct or communications, they should be rewarded in order to encourage continued vigilance.
Created on Aug 17th 2021 04:45.