Standard Email Security Fails To Block Common Cyber Threats
Organisations are experiencing more email breaches more frequently.
More than 99% of organisations offer email security training to their staff annually and most organisations use at least one additional security tool to complement the basic email protections offered in common secure email platforms.
Yet, a staggering 89% of businesses experienced one or more successful breaches during the previous 12 months.
Whilst most businesses claimed that they hadn’t experienced a successful breach, it’s more likely they did, but unfortunately wouldn’t be able identify that one had taken place. Then there are those that could identify the breach, but the organisation has a non-disclosure policy about security breaches and couldn’t admit to a successful attack and sweep it under the rug.
Looking into the reality that there is an unfortunate scourge of breaches, it becomes even more vital to understand exactly where they are coming from, so that we can do what we do best. Here’s what we found:
Credential theft breaches increased by 49%
Credential theft involves stealing a victim's proof of identity, the attacker will have the same account privileges as the victim. Stealing credentials is the first stage in a credential-based attack.
Phishing breaches increased by 44%
Phishing is the most common type of email breach. 69% of organisations experienced at least one successful phishing breach during the past year, by entering their credentials or downloading fake files from a spoofed website or clicking malicious links. Current standard email security solutions are least effective against impersonation attacks involving internal staff and executives.
3.4 Billion Phishing Emails Are Sent Each Day Worldwide.
In a recent annual study by Terranova Security found 19.8% of end users who received a phishing simulation email clicked on the initial message’s phishing link. This study was testing to see if respondents would enter their credentials and download a fake file from a spoofed website. The study still revealed how easily end users were duped. Once a malicious link is clicked, it may already be too late.
Ineffective defences against email threats like phishing, business email compromise (BEC), and ransomware endanger your business and reputation and cost you time and money. It’s no wonder less than half of organisations believe their current security solutions are ineffective against email threats.
The Solution
Prioritise all of Your Passwords
Strong passwords are critical to preventing credential theft. They are the first line of defence against unauthorised access to devices and confidential information. The more complex your passwords, the more protected your business is from hackers and cyber threats.
Here are some essential tips to improve your password:
- Use a unique password for every account.
- Don’t use the same password across multiple accounts.
- Use at least 8 characters.
- Use lowercase and uppercase letters, numbers and symbols.
- Don’t use personal information like your name, age, birthday, child’s or pet’s name, or favourite colour/song.
- Avoid consecutive keyboard combinations like “qwerty”, “asdf”, and “1234”.
- Ensure no one sees you enter your password.
- Always log off/sign out.
- Avoid entering passwords on computers you don't control.
- Avoid entering passwords when connected to unsecured Wi-Fi connections.
- Never share your password with anyone.
- Change your passwords regularly, and don’t reuse old passwords.
- Never write down your passwords.
- Never give your Internet browser permission to save and store your passwords.
Securemail Premium
SYNAQ Securemail provides the ultimate line of defence against spam, viruses, phishing attempts and other email borne threats. And we are the only provider to have Service Level Agreement against leading banks in South Africa backed by our money-back guarantee.
We also include a number of additional features to form reliable, ironclad protection for your business communication and collaboration.
Identity Threat Protection (ITP): To combat the scourge of phishing attacks, ITP uses email security standards to secure the identity of email domains under the protection of SYNAQ Securemail and prevents spoofed emails from getting through.
ITP toolset provides an extra layer of protection from spoofed emails using the Sender Policy Framework to secure the identity of email domains protected by the Securemail Inbound service.
LinkShield: A Securemail Premium package feature, LinkShield helps to prevent users from clicking on malicious links in emails by checking them for URL-based phishing, ransomware and malware attacks when users click and advising whether it’s safe to proceed or not.
Data Leak Prevention (DLP): Another Securemail Premium feature, DLP protects against intentional and accidental data leaks by checking outgoing mails for keywords or phrases defined by you or regular expressions that indicate credit card numbers or SA ID numbers. It gives you the power to enforce security policies on outgoing emails, to quarantine or allow emails that have been flagged, and access detailed reports.
Two-factor authentication (2FA): Adds another layer of authorisation in addition to username and passwords. This feature gives Securemail users peace of mind knowing that their accounts are secure since 2FA via authenticator apps have been proven to prevent 100% of automated attacks, 99% of bulk phishing attacks and 90% of targeted attacks.
Your Final Defence Is Sitting Inside Your Business
Defining your organisational processes so employees know how to handle email threats and breaches, is a crucial step in developing and maintaining strong email defences.
Offering regular training to executives, managers, and employees on email threats like phishing, BEC, and ransomware helps mitigate the threat and frequency of successful email breaches.
We believe in a proactive approach toward cybersecurity. We encourage businesses to train employees at every level to be more vigilant.
As many as double or triple the number of messages are reported as suspicious after training. While only some of the messages reported as suspicious will be a threat. Employees are more decerning and learn to identify threats more accurately and more often.