Cyber attacks through emails have been increasing over the past few years. A recent study found that 87 percent of IT professionals have reported their company being targets of an email attack.
“The typical organization will see about a tenth to two-tenth of a percent of all their email as phishing related, which sounds very small until you start thinking of millions of messages every day coming through,” Kevin O’Brien, CEO and Co-Founder of next-gen cloud email security solution provider Great Horn said.
“Those targeted phishing attacks, which are different from what you might see as a consumer,” he explained, “these are hyper-target versions for businesses.”
Research shows that the cost of cyber criminal activity has been growing. In 2017, over $600 million was stolen and the attacks are becoming more sophisticated.
“The direct costs range from attorney fees and litigation to customer notification, and technical investigation to cybersecurity improvements. Beneath the surface? Operational disruption, for one. Then there are increases in your insurance premiums and the lost value of customer relations and contract revenue,” Vancouver cybersecurity expert Thierry LeVasseur noted.
It can take years for an organization to recover from a cyber attack, which only adds to the cost.
Part of the problem has been the evolving nature of cybercrime, Thierry Levasseur explained.
“Throughout most of 2017, the types of email to look out for contained malicious URLs, linking back to sites hosting malware. Proofpoint found the volume of these emails jumped by 600 percent in the third quarter – a 2,200 percent from the same 2016 quarter,” LeVasseur said. “By the fourth quarter, cybercriminals switched their preferred scamming methods from malicious URL use to messages carrying malicious attachments. The volume of these messages jumped by 300 percent during the fourth quarter from the third.”
Moreover, several prominent targets have raised the level of concern, including Hillary Clinton staffers, Google and even Facebook. These attacks have demonstrated the need to properly train employees to spot email security issues and to react appropriately.
While it is important to have a formal employee training program, here are some basic tips that everyone needs to know when it comes to email security and scams:
- Never click on a link or an attachment on an unsolicited e-mail.
- Always check the sender.
- Your bank is not going to ask you to share sensitive information like your social or account number or bank account password through this channel.
- Change your password often and use one with various characters.
- Don’t forget to periodically backup your system.
- Offers that seem too good to be true usually are.
Top security experts have been warning that cyber criminals continue to make their attacks more advanced, particularly when they target someone in an organization.
Now, they are advising companies to prepare for the inevitable by investing in online security software and employee training programs, both of which can improve security levels, especially when it comes to emails.