Cyber Security

Let's go phishing! The new wave of email attacks

Written by SysGroup Marketing

Email remains the single biggest method of cyber-attack used by criminals to gain access to your business data. This has been impacted by the rise of the modern workplace, with the security limitations of flexible working proving email attacks are here to stay.

Whilst businesses are looking to realign to this new working landscape, the change that comes with this brings added risk. More than ever, employees are working from multiple locations, accessing critical data with their own devices, in shared workplaces, and from home. Enterprise-grade solutions decrease the risk of employees and companies falling victim to email scams and attacks.

It's therefore no surprise that Cisco found 86% of businesses suffered at least one cyber-breach as a direct result of an email attack in the last year, pushing the average cost of a data breach to £3.2m, the highest in 17 years.

Why is this? Many business owners might be wondering why, in an evolving technical landscape, cybercriminals are still able to steal data, money and time from businesses using what is otherwise considered an outdated technique.

Phishing is more targeted than ever

Phishing is a type of undercover attack where cybercriminals manipulate victims into divulging sensitive information or unknowingly installing malware. Regardless of how many layers of IT security your business deploys, the weakest link always tends to be the human factor.

Whilst employees are businesses' biggest asset, they can also be their biggest vulnerability, and phishing techniques exploit this through personalised, sophisticated and targeted emails. Before implementing security protocols such as email security, firewalls and MFA, cyber-protection education should be a priority and delivered to all employees.

Uneducated staff are the easiest targets for phishing attacks, as they are quick to engage with an email that, on first appearances, seems to come from a reliable source. Many phishing emails are looking for a quick financial transaction or credentials that could prove useful for other cybercriminals. As such, each email is becoming personalised, often mentioning the recipient's name, job title and other demographics to trick the recipient into believing they have a connection with the sender. This leads to clicking a malicious URL or email attachment, allowing a cybercriminal to successfully infiltrate your network.

Clone phishing is sophisticated

Alongside more sophisticated phishing techniques, cybercriminals have also developed a next-level threat that clones legitimate emails and replaces genuine content with malicious links.

Clone phishing allows attackers to re-send an authentic email with all of its content unchanged except the hyperlinks, which are swapped to trick recipients into unknowingly installing malware. This means it is no longer just the recipient at risk, but their contact list and others in their network.

Naturally, clone phishing is particularly vindictive as it relies on the credibility of the original email and its sender. Therefore, it's paramount that organisations ensure their employees are alert to emails that concern a time-sensitive matter or place strong emphasis on clicking, downloading or accessing a file or invitation, especially if the email has been re-sent.

Most commonly stolen data

Since offices have shifted to hybrid working, there has been a substantial increase in the number of malicious files sent and distributed across enterprise networks. Successful attacks intend to steal as much data as they can, particularly sensitive and business-critical information.

The top three types of data currently being targeted by phishing scammers are:

  • Login credentials (passwords, PINs, account names, etc.)
  • Personal data
  • Employee medical information

Login credential theft is the most common by a considerable margin, with stolen passwords accounting for 44% of all data breaches reported by SMEs. At least 60% of business-related passwords do not meet the minimum security requirements, so this doesn't come as much of a surprise.

Protecting your business with SysGroup

How do you keep your business and employees safe?

The first step is to enforce a strong email security solution. At SysGroup, we can deliver automated email security that requires minimal effort, and maximum peace of mind.

We can save your IT team valuable time by eliminating trawling through unwanted emails across inboxes, immediately blacklisting malicious software and unauthorised users on a 'default allow' basis.

Secure TLS (Transport Layer Security) encryption also comes as standard, and you can rest assured knowing our email solutions are deployed in the cloud, blocking spam and viruses before they even reach your network.

However, as the technological landscape continues to advance, deploying IT security measures in isolation is no longer enough. Without a unified IT security approach, you can risk an attacker slipping through the cracks in your infrastructure. Once they've infiltrated your network, the damage is already underway.

MSPs like SysGroup can help you navigate a multi-layered approach to phishing and other cybercrimes.

Firstly, it should be difficult for attackers to reach your business' network in the first place. By utilising enterprise-grade email security and MFA (multi-factor authentication), you significantly reduce the chances of your business data becoming a rich resource for hackers.

Should an attacker manage to infiltrate your security measures, SysGroup's dedicated and experienced security team work around-the-clock to monitor your network and devices, and help identify and report any suspected breaches. Our team also deliver relevant training to spot potential risks, creating an environment that facilitates a clear reporting method and useful feedback.

279 days you can't afford to lose

Additionally, the average data breach takes 279 days to rectify, with the damage already done often proving irreversible. SysGroup is dedicated to responding to incidents quickly, consistently overseeing a proactive security strategy that eliminates risks before attackers launch their cyber-attack.

As the growth of phishing attacks has shown, they're becoming increasingly targeted, sophisticated and topical. There are 15 million stolen credentials available on dark web platforms, meaning the sheer accessibility of data online allows cybercriminals to shift from a mass fishing net approach to highly personal emails that have a vastly higher success rate.

This increase is unlikely to slow down, so neither can your IT security solutions. The first step is keeping your employees up-to-date and educated on all types of email attacks and how to identify them, followed by deploying a unified IT security solution.

