E-mail security has been a huge issue since the technology’s emergence in the mid-1990s, and for all of our tech sophistication and heightened awareness of the problem, it’s only gotten worse.
Cybersecurity specialist Kazpersky Labs, for example, reports that while the volume of spam dropped last year, the firm’s tracking showed a 59 percent jump in phishing attacks. But the bad actors are a creative lot – just when you think you have a handle on one e-mail scam, they change tactics and you have to adjust your defenses.
Throughout most of 2017, for example, the types of e-mail to look out for contained malicious URLs, linking back to sites hosting malware. Proofpoint found the volume of these e-mails jumped by 600 percent in the third quarter – a 2,200 percent from the same 2016 quarter. But by the fourth quarter, cybercriminals switched their preferred scamming methods from malicious URL use to messages carrying malicious attachments. The volume of these messages jumped by 300 percent during the fourth quarter from the third.
Keeping up is almost like trying to win at the whack-a-mole game.
It’s fascinating (in a train wreck kind of way) to look at the ebbs and flows of the scams that the bad guys use to convince people to act, and how adept they are at seizing on major events and issues to get past their guard.
Last year’s big opportunities?
The FIFA 2018 world cup preparation, giving rise to fraudulent, if official-looking messages about lottery wins and promising free tickets. And the cryptocurrency craze has provided a rich vein of blockchain-themed tricks, like malware-laden websites disguised as cryptocurrency exchanges. Another trick is malware in spam emails, billed to be utilities for earning Bitcoins.
There is a cost to all this. Phishing scams alone cost American businesses about $500 million a year. But there are a lot of impacts of cyber attacks – obvious and those beneath the surface – to think about, as a study by Deloitte showed.
The firm identified 14 cyberattack impact factors with direct and/or intangible costs that will add to the pain of a major cyber incident. The direct costs ranged from attorney fees and litigation to customer notification, and technical investigation to cybersecurity improvements. Beneath the surface? Operational disruption, for one. Then there are increases in your insurance premiums and the lost value of customer relations and contract revenue. It’s not a pretty picture for potential damage, Deloitte’s modeling showed.
Any number of solutions will help mitigate the risks that come with our increasing dependence on e-mail as a fast, efficient and inexpensive way to communicate with each other.
The best place to start is to make people aware and equip them to be on guard against malicious e-mails that might make their way into e-mail boxes. The tips bear repeating: Never click on a link or an attachment on an unsolicited e-mail. Always check the sender. Bad actors can be quite skilled at replicating logos to look like the real deal, but your bank is not going to ask you to share sensitive information like your social or account number or bank account password through this channel. And common sense applies. Offers that seem too good to be true usually are, especially if the outreach is out of the blue.
But e-mail security issues have a broad scope, and are an enterprise-wide concern. It makes a holistic, enterprise wide approach to secure messaging the imperative for any organization that exchanges sensitive information with customers.
The way of the future? Increasingly, it’s moving toward integrative solutions that enable users to control, track, share and protect sensitive business information as a means of heading problems off at the pass.