2017 was another watershed year for cybersecurity. The breaches at Equifax and Yahoo! stand out for their size, but the more troubling development is how much more targeted attacks have become.
The HBO attack showed us that hackers are willing to focus on valuable intellectual property or private conversations and hold them hostage for a hefty ransom. The continued attention on the Democratic National Committee hack also revealed that hackers have political agendas that can transcend financial motives.
Perhaps one of the most pernicious attacks of 2017 fell off the radar, though. Hackers targeted offshore law firms and stole information about potentially shady financial practices of the super-rich. When a target of that size and consequence falls prey to hackers, and all under the guise of “doing social good,” it’s clear just how expansive cyberthreats and the motives behind them have become.
The Most Important Lesson of 2017
The frequency of attacks is on the rise, as are attacks’ impacts. The average data breach now costs companies more than $3.6 million, which doesn’t account for bolstering security protocols or managing reputation fallout. The larger and more long-term cost that’s measured in consumer confidence is perhaps most damaging — one that can lead to millions in lost revenue. Yahoo! is a great example of that.
With these staggering statistics, cybersecurity is likely on the mind of most enterprises, and the email inbox should draw important attention as the most vulnerable point of attack.
Hackers regularly target inboxes because they’re an easy point of access and offer a treasure trove of valuable information. While users tend to view their inboxes as secure, up to 65 percent of all received emails are spam. Some of these potentially malicious emails are easy for users to spot, but many others such as business email compromise scams perfectly mimic messages a user might get from his bank or boss, making them prime entry points for lucrative and dangerous cyberattacks.
Components of an Email Security Strategy
Companies ready to get serious about cybersecurity and turn their focus to securing the inbox need to consider these tools and best practices for a comprehensive and easy-to-use email security strategy.
- Filtering Aided by Machine Learning: Comparing incoming emails against a database of known threats and analyzing the content for malicious phrases and patterns helps to filter out bad traffic. With the aid of machine learning and live threat analysts, these filters can better detect and deflect newer and more advanced threats.
- Email Encryption: The ubiquity of email serves has a benefit to businesses and hackers alike. With easy communication, sensitive data and seemingly innocuous messages are easily transmitted for everyday business operations. Without email encryption, sensitive data from protected health information to financial details to intellectual property can be intercepted and sold or ransomed. Messages without sensitive data still hold value, as hackers learn details that could be used for social engineering and scams such as business email compromise. By implementing an easy-to-use email encryption solution, you add a critical layer of protection in your security strategy.
- User Education and Best Practices: These technical tools are invaluable, but implementing these tools without making any changes on the ground floor ignores an organization’s employees. Train users how to identify suspicious emails and, equally important, encourage them to report any suspicious messages to your IT teams. While often associated as one of your weakest links, employees can become one of the most effective lines of defense to combat cyberthreats with consistent training and reinforcement.
No one can predict what the cyber landscape of 2018 holds. But by incorporating security tools and educating users, companies can ensure that their sensitive information — from intellectual property to login credentials to private conversations — is secure. In this way, they protect both their finances and reputation and avoid making themselves even more vulnerable in the New Year.
[su_box title=”About David Wagner” style=”noise” box_color=”#336588″][short_info id=’104280′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.