Email Security – Are you in the 8%?
92% of all cyber-attacks start with an email. There are two key actions you can take to help protect your business.
Over the last six months, we’ve been called in to help many organisations with their cyber security following a breach. It’s unfortunate, not only that the breach has occurred, but that the risk of it happening in the first place could have been greatly reduced with some simple steps, often using existing, in-place solutions with the correct configuration.
The most common thing we see? Email being compromised. Cloud-based solutions and remote access to on-premise email platforms are great for productivity and resilience, but if not appropriately secured they can provide an easy way in for attackers – and it’s on the rise. So why do attackers do it, and why should you be concerned about it?
Ultimately, for the vast majority of organisations, attackers are looking to monetise you in some way. What’s the easiest way of doing that? Asking for money. Enter the world of phishing and Business Email Compromise. According to Cofense, email delivers 92% of all cyber-attacks to organisations, with over 50% of malicious email being a ‘phishing’ attack. Once a user interacts with a phishing email, often by entering their username and password into a fraudulent site, an attacker will use those stolen credentials to remotely log in to that user’s email. Once logged in, an attacker will start looking for invoices or other related business information to use or compromise.
Once an attacker has gained access to a victim’s email, we have commonly found the following scenarios:
- Forwarding rules set up to capture specific types of email, such as invoices or requests for payment
- Rules to prevent either outgoing or incoming payments from reaching the compromised user’s email account
- Once a payment request has been captured, either sending out or releasing to the compromised user a modified payment request, with new bank account details
- Direct emails to the compromised employee requesting transfer of funds to a new account
- Use of the compromised email account to send phishing emails to other people in the organisation, or to different organisations from a legitimate email source
- Use of a compromised email account to get other individuals inside or outside the organisation to download a malicious file, which has often contained a banking trojan or other malware designed to capture payment information or generate some form of income for the attacker
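One way to check for the first two scenarios above, as an added example rather than code from the original article: the script reviews an export of mailbox rules and flags those that forward mail outside the organisation or hide payment-related mail from the user. The rule fields (`contains`, `actions`, `forward_to`), the action names and the sample rules are constructed for illustration and do not correspond to any particular mail platform's API.

```python
import re

# Keywords an attacker's rule would match on, taken from the scenarios above.
PAYMENT_WORDS = re.compile(r"\b(invoice|payment|remittance|bank|iban|transfer)", re.I)
# Actions that keep a message out of the user's sight (hypothetical action names).
HIDING_ACTIONS = {"delete", "mark_read", "move_to_folder"}

def domain(address):
    return address.rsplit("@", 1)[-1].lower()

def review_rule(rule, internal_domains):
    """Return the reasons, if any, that an inbox rule needs a human to look at it."""
    findings = []
    keywords = " ".join(rule.get("contains", []))
    about_payments = bool(PAYMENT_WORDS.search(keywords))
    external = [a for a in rule.get("forward_to", []) if domain(a) not in internal_domains]
    hiding = sorted(set(rule.get("actions", [])) & HIDING_ACTIONS)
    if external:
        findings.append("forwards mail outside the organisation: " + ", ".join(external))
    if external and about_payments:
        findings.append("forwarded mail is selected by payment keywords")
    if hiding and about_payments:
        findings.append("payment mail is hidden from the user by: " + ", ".join(hiding))
    return findings

def review_mailboxes(rules, internal_domains):
    """Map (mailbox, rule name) to findings for every rule that raised at least one."""
    report = {}
    for rule in rules:
        findings = review_rule(rule, internal_domains)
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report

# Constructed sample export; example.org stands in for the organisation's own domain.
SAMPLE_RULES = [
    {"mailbox": "accounts@example.org", "name": ".", "contains": ["invoice", "payment request"],
     "actions": ["forward"], "forward_to": ["collector@example.net"]},
    {"mailbox": "accounts@example.org", "name": "..", "contains": ["bank details", "remittance"],
     "actions": ["delete"]},
    {"mailbox": "j.smith@example.org", "name": "Newsletters", "contains": ["newsletter"],
     "actions": ["move_to_folder"]},
    {"mailbox": "j.smith@example.org", "name": "Copy to PA", "contains": [],
     "actions": ["forward"], "forward_to": ["pa@example.org"]},
]

if __name__ == "__main__":
    for (mailbox, name), findings in review_mailboxes(SAMPLE_RULES, {"example.org"}).items():
        print(f"{mailbox} rule {name!r}:")
        for finding in findings:
            print("  -", finding)
```

Flagged rules are prompts for review, not verdicts: an external forward can be legitimate, so each finding should be confirmed with the mailbox owner.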
It’s also fair to say that attackers are becoming more targeted and are doing their research on their intended victims, at a business level, and at an individual level as well. Being prepared often results in a higher success rate for attackers.
The size of your business doesn’t matter
Largely, attackers aren’t concerned about the size or type of organisation either; effectively, anyone with remote access to email is a potential target. I have seen large corporates with thousands of employees compromised in this way, as well as many SME organisations with anywhere from 50 to 500 staff.
Two things you can do
There is some good news. There are a range of technical and procedural controls you can implement to reduce the likelihood of this happening to your business. Here are our top two. Yes, just two key things you need to do:
1. Staff training and awareness. Ultimately, if nobody clicks on that phishing link or opens a bad attachment, then there aren’t any problems or compromises. This is a little easier said than done though, especially if you receive an email with an attachment from a known good source which has been compromised.
2. Implement 2-Factor Authentication. Put simply, this is another way for you to authenticate with your email system, so even if someone does steal your username and password, without the 2nd factor authentication, they won’t be able to log in.
This isn’t everything you can do to limit cyber-attacks. Let’s face it, even if you aren’t a victim of invoice fraud, the attack has still cost you in terms of finding it, fixing it, changing passwords, IT time and of course a loss of productivity. It would still be much better if you didn’t have to deal with it in the first place.
At Optimising IT, we have developed a range of solutions to counteract the threat posed by email compromise. Get in touch today to find out how you can improve your email security and reduce the risk of this happening to your business.
Author: Todd Gifford, Certified Information Systems Security Professional (CISSP), Head of Consultancy at Optimising IT.