Every day we read of yet another business being compromised in the news, and we know that so many more incidents are unreported. The big incidents, like Kaseya and Colonial Pipeline, are only the tip of the iceberg. So, it concerns me that there isn’t more urgency to boost cyber security for business. And more specifically, with 9 out of 10 cyber-attacks starting with email, do businesses know they can be doing more to keep their teams safe?
It’s what keeps me up at night, and I’m sure many of you share my concern. It motivated me to pose this question in a poll on LinkedIn:
What are the barriers preventing businesses from doubling down and layering up on their email security?
The response is frightening. My read is that more than 80% of the business leaders and Infosec professionals that responded are effectively saying that email security is not a priority.
29% say that ‘C-levels are not concerned’! As a business owner and CEO myself, I simply cannot fathom this response. Either those leaders are unaware of the current threat landscape, or the people that they are empowering to manage the security of their data and assets are not clear on their priorities. A cyber incident, be it ransomware, a data breach or major financial loss from a supply chain attack, can devastate your business. How then could any C-level not be concerned?
38% say ‘Cybersecurity is not a priority’. I can only conclude that businesses are so overwhelmed by the current pandemic that any priority beyond daily business operations is considered too much. Of course, we all understand the pressure that businesses are under at the moment, but it doesn’t excuse the fact that cybersecurity must remain a top priority. With most teams working remotely in some form, the current climate makes for a fertile hunting ground for cybercriminals. It’s all the more reason why those businesses should be reaching out to you as a partner to bolster their capacity, to ensure that their defences are maintained. You can use this as a discussion starter with your customers to gauge their priorities.
15% say ‘Training and Education is Enough’. Businesses can only benefit from more knowledge about cybersecurity and the current threat landscape, to help their teams make better security choices. It’s why my team continue to update the MailGuard Blog with examples of some of the zero-day threats that we’re intercepting, along with thought leadership posts to help businesses navigate the cyber-risks.
That being said, I don’t agree that training and education alone are enough. It takes a multi-layered, defense-in-depth approach. Our teams are our front line in the battle against cybercrime, but they are also our weakest link. All it takes is one click, from one staff member. Human error is natural, and we need technology to reinforce those defences to minimize the risks.
It’s no mystery that doubling down on email security – amidst the inevitable challenges of the pandemic – is necessary. As we are aware, email is the primary means of communication for businesses of all sizes and it’s not going away any time soon. In fact, we are becoming increasingly reliant on email as we move into hybrid and remote working environments.
The facts are clear: email is the #1 delivery vector for cyber threats, with companies around the world reporting that they are being impacted by phishing, ransomware, and similar malicious email threats every day. We know that it’s not hard for criminals to blast out emails masquerading as trusted and well-known brands, and then “play the numbers game” – waiting for customers and their staff to click on an email or link which ultimately brings the business undone.
We only need to look at the latest news headlines to witness the upwards trend of cyber threats that are facing individuals and organisations worldwide. From local councils to major corporations and government departments, no one is immune. We see evidence of this every day – from the recent cyber-attack in Melbourne, Australia, at the City of Stonnington Council, to Accenture’s $50 million ransomware threat – cybersecurity is the number one threat facing businesses today. President Biden, in his address to the CEOs of some of the largest corporations in the world, such as Google, Apple and JP Morgan Chase, urged leaders to up their commitment to cybersecurity: “The reality is that most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone… You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity. Ultimately we’ve got a lot of work to do”. It’s becoming more apparent that a cyber resilient culture within businesses is imperative.
A recent report by the Microsoft Digital Defense Team found that “91% of all cyberattacks originate with email”. That is a staggering number and requires attention from business leaders.
The number of C-suite executives being affected by email scams and cybercrimes is growing rapidly. Business Email Compromise (BEC) scams are becoming more sophisticated as cybercriminals conduct in-depth research into the business and employees, which is not hard considering the breadth of information that can be found online about individuals, particularly through social media platforms like LinkedIn. BEC crimes have resulted in almost $3.5 billion in losses to individuals and businesses over the last couple of years, according to the FBI. The savvier the professional, the savvier the cybercriminal. However, leaders should not have to compromise on building a digital influence due to a lack of security, especially when it is readily available and cost-efficient to implement.
Previously, cybercriminals were spoofing emails from CEOs or CFOs; now the research has become more calculated and multi-faceted, with several phases of infiltration. In addition, the top 10 most targeted industries are: Accounting and Consulting, Wholesale and Distribution, IT Services, Real Estate, Education, Healthcare, Chemicals, High Tech and Electronics, Legal Services and Outsourced Services – industries that as partners we deal with daily and who serve to make our daily lives function.
Surely then, doubling down on email security as part of a wider cybersecurity culture really is a ‘must-have’ and not a ‘nice to have’. Prevention really is better than a cure. Even the 19% of respondents that cited ‘Lack of Budget’ should be urged to re-consider. The cost of an incident will be much more devastating.
I hope this poll provides you with an added stimulus to re-engage with your customers to discuss their business priorities, and what more can be done to secure their users’ inboxes. Many businesses feel the Microsoft 365 security stack alone is sufficient, or that training employees to identify threats will be enough. Sadly, we know that’s not the case. Adding a specialist layer of email security like MailGuard to further enhance their email security and protect against advanced zero-day ransomware, phishing and sophisticated BEC attacks should be a mandate in these times of heightened risk.
As partners, I would love to know your thoughts: what do you feel are the barriers stopping businesses from layering up on their email security – and more importantly – what do we need to do to encourage customers to strengthen their defences?