Think your users would never fall for an email scam? Think again.
According to Verizon’s Data Breach Investigation Report for 2017, two-thirds of cybersecurity breaches are caused by malware installed by malicious email attachments, and 43 percent of those attacks happen when hackers successfully utilize social-engineering tactics to breach company security.
“Confidential information in the organization needs to be kept safe,” I told an engaged audience at the recent Cyber in Business conference 2017 in Melbourne. “So when thinking about securing the perimeter, it’s about securing the data and personal data as well.”
The session included a live demonstration of how a hacker might go about gathering data about an employee of a target organization – showing just how easy it is to win the trust of users by email, get them to click on the attachment of a convincingly worded email, and execute an attachment that would infiltrate the company network and give hackers direct access to all of that company’s data.
‘Sure’, you say. ‘My users would never fall for that’.
Every company wants to believe its users would never knowingly fall for the tricks they receive in malicious emails – but breaches are still happening every day. And it’s understandable: although many malicious email campaigns are still run as ‘spray-and-pray’ exercises – often hastily assembled emails, with poor spelling and little personalization that are sent to massive numbers of recipients – online criminals have also become better at hiding their intentions in highly detailed, convincing ‘low and slow’ messages.
Spray and pray attacks typically emulate the billing emails sent by large and well-known utility companies, banks, or government agencies with which most recipients are likely to have some dealings. By including convincing designs and real logos, then lacing those emails with URLs that point to malware-ridden websites, attackers can install their malicious code if even one user follows the instructions in the mail.
Little wonder high-profile businesses are filling out their cybersecurity defenses and turning the tables on cybercriminals – who are using a steady stream of attacks to target email systems containing more confidential, business-critical information than ever.
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly