With ransomware in the news, it can be easy to overlook other typical business email related threats such as phishing or other malware, cybersecurity specialist Hornetsecurity has warned.
“If you had to guess which cyber-attack flavour cost businesses the most money globally, most people would have said ransomware,” the company said in a blog post.
Most people remember the Colonial Pipeline attack shutting down gas access for the Eastern seaboard of the US for several days: that particular attack seems to have been the one that caught people’s attention, according to the Hornetsecurity team.
“Until last year, ransomware was however not the biggest cash cow for the criminals; it was business email compromise, and only last year, according to the latest FBI report, was that overtaken by financial fraud.”
And although most breaches involve external actors, almost one in five are inside jobs, according to several reports. Paying attention to internal risks from potentially disgruntled employees and so on is also important, said Hornetsecurity.
“Having a strong insider risk program is crucial, and it needs to be based on more than just data loss prevention (DLP) technical controls,” it said.
“Insider risk is a spectrum from someone inadvertently breaking a rule about emailing business data to a personal email address ‘to work at it over the weekend’ to inappropriate language, harassment, theft of intellectual property or sabotage.”
Diversity of attack vector and risk
A majority of breaches are caused either directly or indirectly by human error, which ranges from clicking the links in a phishing email or similar, or failing to properly deploy available cybersecurity solutions or follow policies to the letter when required, Hornetsecurity explained.
That’s before you consider that many cybercrimes likely go unreported.
“The takeaway here is to apply a zero-trust approach to securing your business, verifying each connection and authentication. Applying policies to only allow connections from managed devices is a good idea, or at least enforce stricter policies for personal devices,” Hornetsecurity advised.
“Since the primary vectors for the initial foothold are phishing emails, ensuring that as many of those as possible never reach your user inboxes is vital.”
Adopting a zero-trust approach to security from a vendor such as Hornetsecurity means that authentications and connections are checked and verified explicitly each time against a policy engine, rather than assuming connections on trusted networks are safe.
Additionally, “least privilege access” means ensuring users only have the access they need, while assuming that an attacker will sooner or late get in. Sufficient security must be in place that attacks can be caught fast, Hornetsecurity said.
The vendor offers a portfolio of Microsoft 365 focused cybersecurity solutions for security and backup of email in the cloud, including advanced threat protection, spam and malware protection, email encryption, and continuity of service.
( Photo by Jesse Collins on Unsplash )
