Why your email isn't as secure as you think it is

by Dan Maier


Recent headlines are chock-full of reports of email phishing attacks by cybercriminals who outwit employees to obtain sensitive personal data and financial information. Under the guise of recognized web payment and productivity tool requests, hackers lure potential victims into clicking on fake email links that are designed to steal credentials or download ransomware.

Hackers often disguise these email requests as directives from upper management, knowing that most employees take email security for granted and will click the link. And while most traditional email security systems offer spam filtering and anti-virus protection, they aren’t fully equipped to guard your employees from today’s most prevalent internet threat—phishing attacks.

43% of SMBs surveyed suffered a phishing breach this past year

A recent study commissioned by Cyren and conducted by Osterman Research found phishing attacks to be the most successful against small- to medium-sized businesses (from 100 to 3,000 employees), with 43% suffering a phishing breach in the last 12 months and 75% reporting concern, or extreme concern, about malware infiltration through email—the #1 ranked concern.

Why email security is still a challenge

Spam filters and anti-virus scans are baked into most email security solutions and historically we’ve assumed that these tools adequately secured our email. But businesses remain vulnerable to email phishing attacks that circumvent network defenses and redirect users to web pages resembling trusted brand names. It only takes one employee to open an unknown email and download a malware attachment with a phishing URL to launch a ransomware attack, with an average loss of $25,000 to $75,000 per scam. Consider also that 25% of phishing sites disappear within 2 hours of their emergence—slow-moving threat updates to email security appliances are no match for such fast-moving threats. 

Phishing URLs were up 22% in Q3 2016

According to Cyren GlobalView™ Security Cloud threat data, phishing URLs recently jumped 22%, with a net addition of nearly 1 million new phishing sites during Q3 2016. Meanwhile, email malware is up by a whopping 59% in Q3 2016, compared to Q2 2016. That’s a 10x year-to-date jump, due principally to consistent campaigns of Locky ransomware lasting five days of every week of Q3 2016.

With the rising incidence of ransomware attacks this past year, here are 10 steps you can take to protect your business from phishing attacks:

  1. Be suspicious of urgent email requests.
  2. Never give out sensitive info in email.
  3. Avoid clicking on links in email.
  4. Verify the validity of suspicious emails.
  5. Check the web address.
  6. Use an email security gateway.
  7. Use a web security gateway.
  8. Use endpoint security.
  9. Check your security hygiene.
  10. Train your employees to increase security awareness.

Email remains the single greatest threat entry point for any company, which requires a rethinking of email security for many businesses and a shift to big data-driven, multi-layered security solutions that effectively stop new threats as they emerge.

