Email is probably not the first thing that comes to mind when business managers are consider how to guard themselves against the increasing scourge of cybercrime. But it should be, because email, while undoubtedly being a business lifeline, is also the most common way for cyber criminals to infiltrate an organisation against!
Email is most vulnerable to cyber-attack because of the growing number of threats including, ransomware, banking trojans, phishing, social engineering, malware and spam.
The issue has come into start focus with the publication of a Barracuda Networks survey of IT security professionals throughout EMEA (Europe, the Middle East, and Africa). The results show that 80% of organisations faced an email-borne, cyber-attack between June 2017-2018 — a powerful statistic! Just as worrying is the fact that a majority of respondents (some 72%) believe that the cost of email-related breaches is increasing. This fear is in fact supported by a Ponemon Institute study which puts Middle Eastern spend on post-breach responses at US $1.43 million — and that's without the hidden costs of productivity disruption and reputational damage.
And if those results aren’t enough to keep you awake at night — try this one. Some 73% of respondents are expecting the frequency of email attack to increase and 70% reported being more concerned about email security now, than they were five years ago. Make no mistake — the threat is growing, and it isn’t just big business that’s at risk. SMEs are as much at threat from hackers. Verizon’s 2018 Data Breach Investigations Report says SMEs account for 58% of malware attacks.
You may be laboring under the illusion that your business is safe because email comes with a basic level of security — so you’re completely ring-fenced right? Wrong. The operative words here are ‘basic level of security’ — and often it’s not enough to protect your business from advanced cyber threats. With attacks increasing in complexity and frequency — even against small companies — additional protection will give you greater peace of mind.
The reality is that a cyber-attack launched via email can lead to significant losses due to lengthy downtime and there’s also a serious risk of reputational damage – your customers trust you to keep their data safe, not compromise them by leaving them open to criminal activity via email.
One real threat you could face is risk of your wireless network being compromised, even if it is password protected. What you really need is indepth defence with access controls regulating who can access what. Another threat comes from employees who think that their personal devices don’t need to be secured at work – they’re wrong. Your network can be penetrated via any smart device, even wearables. And there’s also the common belief that strong passwords will keep your business safe – this too is a myth. Strong passwords are important, but two-factor authentication and data monitoring are needed to keep hackers at bay.
Another reality is that the threat can come from within as well as outside any organisation. Rogue staff within your ranks who have network access, confidential data or admin accounts, can cause real damage – so too can staff who are totally unaware of the risk and can put you in jeopardy through sheer ignorance or carelessness. Analysts cite human error as responsible for 18% of data breaches in Saudi Arabia and the UAE so the need for cyber security training is obvious.
Take phishing and spear phishing, for example, where an employee is tricked into clicking a malicious link in an email. With spear phishing, an email seems to come from someone the recipient knows and trusts, such as a senior manager or a valuable client. Phishing is a highly effective way for cybercriminals to infect businesses with malware. It can start a ransomware attack, quickly spreading from PC to PC and until the ransom is paid, businesses will be unable to access essential files and services.
So, doesn’t it make sense to have in place a cyber security plan in place? Really it’s just like having an insurance policy and will help prevent and mitigate issues as quickly as possible if a cyberattack takes place and productivity is compromised, Cobweb can help advise on this and assist in drafting your plan. We can take a look at your business and determine the best course of action when it comes to protecting it from cyberattack.
Moving to cloud services, such as Office 365 and Azure, is the best way to stay secure and productive and with new Microsoft data-centers opening this year in Abu Dhabi, Dubai and Bahrain, the time to make the transition couldn’t be better.
There are a whole range of tools that can help you boost security and maintain productivity and Cobweb knows them all. Look upon us as your insurance advisors, putting security first. We can suggest your best way forward, help you implement or migrate security solutions, support your in-house teams, or undertake the turnkey implementation.
To put it into stark perspective, industry analysts say malicious or criminal attacks are behind 61% of data-breaches in Saudi Arabia and the UAE, so it makes the utmost sense to guard against them. Not to do so could be a risk too far...