Businesses today run on email—from internal communications to customer service. Unfortunately, this makes email an effective tool for cyber criminals. Without having proper procedures in place, such as advanced email security, these cyber threats can become a reality.
The Evolution of Spear Phishing
Phishing originated around 1995, although only in the past few years has it become a significant buzzword. At that time, people were not as reliant upon email for business. Therefore, they were not as aware of the risks of conducting business online.
The first phishers pretended to be AOL employees and sent messages to AOL users through the company’s messenger and email services. These emails would ask AOL users to verify their billing information, allowing the phishers to steal financial information. The practice eventually spread beyond AOL and into the wider internet. Today, phishers send out mass emails. They typically contain a malicious link or attachment to trick people into providing their credentials or credit card information. These emails are getting more sophisticated, and it is becoming more difficult to determine whether they are legitimate. Cybersecurity Ventures predicts that there will be a ransomware attack on a business every 14 seconds and that these attacks will cost $11.5 billion annually by the end of 2019.
Spear Phishing vs. Phishing
Most people have probably heard of phishing, but many may not be aware of the difference between phishing and spear phishing. Phishers will send emails in bulk to a large number of people, but spear phishers have a much more targeted approach. Typically, spear phishing attacks are the product of extensive research on an organization. The emails are highly personalized, appearing to come from a trusted executive of the company, a partner, or sometimes a customer. Common requests include wiring money or transferring funds into the criminal’s account.
Because the impersonation is much more realistic, the victim may often think they are answering a legitimate request. In addition, spear phishing emails typically do not contain attachments, which in turn lets them bypass many email security solutions.
It Can Happen to Anyone
A common misconception about cyber attacks is that they only happen to large enterprises. However, small businesses are also targets. As threats are constantly evolving, technology must also evolve. Small and medium businesses may not have the IT budget to update equipment and staff the personnel needed to provide the strong security posture that many large organizations may have. A 2016 study on SMBs and cybersecurity indicates that 55% of SMBs have experienced a cyber attack in the past 12 months. 50% reported having data breaches involving customer and employee information.
Protecting Your Business
The traditional email security platforms aren’t enough. It is important to have a layered approach to provide the advanced email security needed to prevent a cyber threat or data breach from happening to your company.
- Utilize a product that provides Advanced Threat Detection: For instance, Barracuda Essentials is one of the leading products to prevent phishing and other email-borne threats. Attachment sandboxing (Advanced Threat Detection), typosquatting protection, as well as data loss protection and email encryption help keep sensitive information secure.
- Artificial Intelligence for Spear Phishing: Barracuda has another product known as Sentinel that uses AI to stop spear phishing and cyber fraud in real time. The service learns the behaviors and communication patterns of users to prevent and identify future risks.
- Security Awareness Training: Education for your user community is the most overlooked, yet most important, aspect of email security. Consistent training and simulated phishing emails give insight into high-risk individuals and provide ways to detect cyber threats.