Why Email Security?
Email security threats are increasing. The research conducted for Cyber Security Hub’s mid-year market report 2022 revealed that 75% of cyber security professionals believe that email-based threats such as phishing or social engineering pose the “most dangerous” cyber security threat to organizations. The most important thing for companies to do is protect their communication system without compromising its efficiency.
Email security is essential for protecting brands from external threats, but it’s also important to protect customers from phishing data breaches and Business email compromise (BEC). Email security is essential to protect companies from external threats. It’s also important to protect customers against outbound threats such as a data-feather-click track=”true” data-feather link aids='[“5850143e7c1fea34ebb31cca”]’ href=”https://www.cshub.com/attacks/articles/the biggest…
Email security threats are not limited to attacks by bad actors but also include the company’s internal functions. Stanford University research found that employee mistakes caused 88% of data breaches. This means companies need to be extra vigilant when training their employees. The training should be in a format that is easy to understand so employees can retain the information and avoid future mistakes.
If not addressed quickly and effectively, this threat can cause further damage to a company’s brand. Even loyal customers can only gain trust in an organization if they feel confident in its cyber security strategy. This is especially true when personal data are at stake.
Weak email security is a vulnerability.
It is dangerous for an organization to ignore email as a potential security risk. Deloitte, a professional services network, reported 2020 that 91% of all cyber attacks began with a fake email.
Poor email security can present a variety of threats, from social engineering, phishing, and account compromise, to data theft and takeover. Phishing attacks target passwords or accounts which may contain valuable and sensitive customer information. It can be difficult for users to tell if an email is a scam, even if the organization offers email protection and security training.
Muhammad Babamia is an IT internal audit specialist at South African investment company Transaction Capital for cyber security, data, and analytics. He agrees that careless employees are the greatest threat to email security.
He adds, “People are the weakest link in cyber security.” This is particularly true regarding email security. Email configurations and security layers can reduce email-related breaches. However, these remain in place because they rely on people’s diligence.
Phishing campaigns can have devastating consequences for businesses. In 2014, Sony Pictures employees, including network administrators and system engineers, were targeted by fake emails that appeared legitimate communications from Apple. The emails asked them to confirm their Apple ID credentials.
Clicking on the provided link took employees to a legitimate webpage that required them to enter their login information. These emails were sent to those most likely to have access to Sony’s network. The details obtained were then used to hack Sony’s network.
A spear-phishing campaign resulted in the theft of multiple gigabytes, including data relating to business, financial records, projects involving customers, and digital copies of recently released films. Sony lost an estimated US$15mn due to the hack.
Kym Welsby is the regional director of Clearswift in APAC, a HelpSystems Company. She notes that one issue with email security was that it was not designed with security functionality.
“[Email’s lack of security] was its secret to success.” It was okay when people used it only to communicate with people they knew, but as its use increased, people began to have no idea who was contacting them.
Employees within a company are used to receiving emails from people outside of the business. They may also be comfortable speaking with people that they don’t know. This can lead them to become less suspicious about potentially fraudulent or dangerous emails. Email security is a complex issue. From direct attacks against employees via phishing campaigns and social engineering, to the lack of security features in emails, there are many threats.
Ensure email security in your business.
The email-based attacks, such as social engineering and which directly target employees in a business, can devastate businesses. Three out of four cyber security professionals who Cyber Security Hub surveyed for the Mid-Year Report 2022 stated that these attacks are ‘the most dangerous threat to cybersecurity.
These attacks target employees within a business and are responsible for ensuring that the attack doesn’t progress in their own hands. These attacks also rely heavily on the psychological manipulation of employees. These attacks can effectively convince employees to behave in ways they wouldn’t normally do, even if the employee has received security training.
The ability of employees to evaluate whether or not an email is secure may be a factor in phishing attack effectiveness. It can be problematic if employees ignore cyber-security training. Welsby, from Clearswift, explains that complacency may be due to the misconception that antivirus and antimalware software are sufficient to stop all threats. Antivirus software can only contain and prevent known threats like malware or ransomware. However, if an attempt at a breach involves a file or URL that’s new or unknown, it may be unable to block the attack.
How to get employees involved in email security
One member of the Cyber Security Hub Advisory Board suggested in a discussion that linking email security with a company’s universal goals was beneficial. The business will conduct multiple phishing tests throughout the year. Its score will affect the bottom line. The reason for this is that phishing attacks can indirectly impact a business’s bottom line. Cyber-attacks are expensive, so companies will incur losses in operating costs if one occurs. Cyber-attacks can also cause customers to lose faith in a business and move their business elsewhere. This will lead to a drop in overall revenue. Financially motivated employees will be more careful not to click on potentially harmful links as they are rewarded for their excellent behavior.