Craig McDonald 04 November 2021 14:36:25 AEDT 8 MIN READ

Is Email Security a Priority for Leaders? The Poll Says 'No'

The facts and figures are quite clear. We only need to look at the latest news headlines to witness the upward trend of cyber threats facing individuals and organisations worldwide. From local councils to major corporations and government departments, no one is immune. We see evidence of this every day – from the recent cyber-attack in Melbourne, Australia, at the City of Stonnington Council, to Accenture’s $50 million ransomware threat – cybersecurity is the number one threat facing businesses today. President Biden, in his address to the CEOs of some of the largest corporations in the world, such as Google, Apple and JP Morgan Chase, urged leaders to up their commitment to cybersecurity, “The reality is that most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone…You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity. Ultimately we’ve got a lot of work to do”. It’s becoming more apparent that a cyber resilient culture within businesses is imperative.

Doubling Down on Email Security

As you’re reading this, chances are that you have either planned to check your email, are waiting for an email, or received this post through an email. It’s the primary means of communication for businesses of all sizes, and it’s not going away any time soon. In fact, we are becoming increasingly reliant on email as we move into hybrid and remote working environments. It’s not surprising then that email is the #1 delivery vector for cyber threats, with 9 out of 10 companies reporting that they are being impacted by phishing, ransomware, and similar malicious email threats every day around the world. It’s not hard for criminals to blast out emails masquerading as trusted and well-known brands, and then “play the numbers game”, waiting for your employees to click on an email or link which ultimately brings the business undone. Cybercriminals, through social engineering, are rapidly becoming more sophisticated when it comes to delivering attacks via email.

It’s very clear, then, that businesses need to build up their cyber defences in-house, and soon. Cybercriminals are ready to pounce on the vulnerabilities of human behaviour when it comes to email communications. It’s easy for unsuspecting victims to fall for the tactics that cybercriminals use, and this could mean severe financial loss, reputational damage, and operational closure for businesses. Not a position anyone wants to be in. Take the recent ransomware attack on the HSE in Ireland, for example: ransomware brought the health system to its knees, impacting patients and staff, delaying life-saving operations, cutting off access to medical records and forcing cancellations of crucial appointments.

Taking all of this into account, I was curious to do a temperature check, given the current climate of risk and hybrid working, and what seems to be an endless stream of cyber incidents.

I reached out to my LinkedIn network of industry professionals and leaders for their point of view. I posed the following question: What are the barriers preventing businesses from doubling down and layering up their email security? The results were surprising.


These were the results:

  • The majority, 38% of voters, cited ‘Cybersecurity not a priority’ as the main reason why businesses were not investing in email security.
  • 29% (arguably, this may be linked to the above result) thought that leaders or C-Suite Executives were not concerned about email security.
  • 19% believed that there was not enough budget allocated to add an email security solution to enhance existing defenses.
  • 15% thought that training and education about email security (and perhaps cybersecurity in its entirety) was enough.
  • Comments suggested that it’s difficult for leaders to know what cybersecurity protection measures should be implemented, given the sheer volume of information coming from the media and from company advertisements.

Should email security be a priority?

If you’re a business that relies on technology to conduct its operations, uses email or any cloud-based technology to run your daily operations, then you are simply not immune from cyber threats. And frankly, that means all of us. So, in simple terms, yes. Cybersecurity must be a priority.

I’m baffled to hear that cybersecurity is not a priority or concern amongst business leaders.  

As a CEO, I have seen first-hand what a cyber-attack can mean for a business. My email security journey started when something as seemingly harmless as a simple email delivered a cyber threat that shut down business operations in a flash. In a recent report by the Microsoft Digital Defense Team, it was found that “91% of all cyberattacks originate with email”. That is a staggering number and requires attention from business leaders. Don’t hesitate to implement a multi-layered approach to your tech & security infrastructure in order to protect the longevity of your business and staff. It’s worth it.

The number of C-suite executives being affected by email scams and cybercrimes is growing rapidly. Business Email Compromise (BEC) scams are becoming more sophisticated as cybercriminals conduct in-depth research into the business and employees, which is not hard to do considering the breadth of information that can be found online about individuals, particularly through social platforms such as LinkedIn. BEC crimes have resulted in almost $3.5 billion in losses to individuals and businesses over the last couple of years, according to the FBI. The savvier the professional, the savvier the cybercriminal. However, leaders should not have to compromise on building a digital influence due to a lack of security, especially when it is readily available and cost-efficient to implement.

Previously, cybercriminals were spoofing emails from CEOs or CFOs; now the research has become more calculated and multifaceted, with several phases of infiltration, including techniques like credential phishing. In addition, the top 10 most targeted industries are: Accounting and Consulting, Wholesale and Distribution, IT Services, Real Estate, Education, Healthcare, Chemicals, High Tech and Electronics, Legal Services and Outsourced Services. These industries all serve to make our daily lives function, so the impact of cyberattacks on them is far-reaching and lasts long beyond the initial incident. From halting food supplies, to delaying emergency medical care and severe economic losses, the consequences are severe.

Surely then, doubling down on email security as part of a wider cybersecurity culture really is a ‘must-have’ and not a ‘nice to have’. Prevention really is better than cure.


Train your teams

If you want your team to participate in making the business safer from hacking and cybercrime, you must give them the knowledge to make good security choices. This includes being able to identify cyber scams when they receive them. It doesn’t just happen; it’s a matter of generating awareness throughout the entire team and empowering them to think of themselves as the first line of defence. 

And, while 14% say in the poll that ‘Education & training is enough’, I don’t agree that any one measure can be solely relied upon. It takes a multi-layered, ‘defense-in-depth’ approach. All it takes is one click, from one employee. We all make mistakes.

Ongoing education is key to enlightening your staff on the ground though. This may be in the form of workshops, meetings, guest speakers, cross-functional teams, tests, and plenty of resources available on your intranet, including weekly cybersecurity updates. You can refer to external resources as well. MailGuard’s blog, for example, is regularly updated with the latest email threats that we see popping up, along with thought leadership articles on the current cyber landscape and how to navigate it. 

Fortify your defences 

No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, using a specialist cloud email security solution like MailGuard to enhance your Microsoft 365 security stack.

For more information about how MailGuard can help defend your inboxes, reach out to my team at expert@mailguard.com.au.     
