Are you next?
Nine out of 10 successful cyberattacks originated from a phishing e-mail, and 60% of SA organisations expect to suffer an email-borne attack. Are you prepared?
What is an email-borne attack?
An e-mail attack occurs when an e-mail is used to cause harm or damage to either an individual or an organisation.
The most common form of email-borne attack is called ‘phishing’.
· 9 out of 10 successful cyber breaches involved some sort of phishing; and
· 60% of organisations expect to suffer from an email-borne attack.
What is phishing?
Phishing is a type of attack that is often used to steal user data, including login credentials, and to implant malware on a victim’s computer. The malware could be a backdoor, ransomware or a virus.
Phishing occurs when an attacker, masquerading as a trusted person, tricks a victim into opening an e-mail and/or clicking on a link or attachment.
Did you know:
· Phishing has increased exponentially in South Africa in 2020:
· 58% of organisations saw phishing attacks increase.
· 30% jump in impersonation from January to April 2020
· 60% of respondents’ organisations were hit by an attack spread from an infected user to other employees.
What is malware/ransomware?
The term ‘malware’ refers to malicious software that damages devices, steals data, and causes chaos. The most common cause of malware is:
Many viruses are harmful and can destroy data, slow down system resources, and log keystrokes.
A backdoor is a type of malware that manages to bypass security restrictions to gain unauthorised remote access to a computer.
Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key.
Did you know:
· 51% of organisations have been impacted by ransomware in the past 12 months.
What is the big deal? Why should you be concerned?
The cost implications of an email-borne attack (let alone the reputational damage, which can’t be measured) can be catastrophic for an organisation, to the point that business closure can (and does) occur.
Fraud, system downtime, loss of staff productivity, loss of data, leaked/compromised data, regulator fines and reputational damage should concern all organisations of all sizes.
Did you know:
· The cost implications for organisations have been severe:
· 82% have experienced downtime from an attack.
· 3 days of downtime on average when hit with a ransomware attack.
· 60% experienced an increase in impersonation fraud in the last year.
· 31% of respondents experienced data loss.
· 31% impact to employee productivity
How can I prevent an attack from happening to my organisation?
Security measures such as spam filters, firewalls and anti-virus software, although good to have, are unfortunately obsolete.
Did you know?
· 73% of hackers said traditional firewall and antivirus security is irrelevant or obsolete.
The best ways to prevent this type of attack are:
· End User Training:
The end user is not only the last line of defence but the most effective defence. Training the end user through security awareness training is key in preventing this form of attack.
· End User Testing:
Although training the end user on a regular basis is good, it’s unfortunately not enough. The end user needs to be tested on a regular basis via a phishing simulation program for the training to be effective.
Phishing simulation programs help protect your organisation by exposing employees to fake phishing e-mails and seeing how they react. When phish testing is used in conjunction with end user training, phishing simulation technology can help you get a read on the effectiveness of your IT security awareness efforts.
Did you know?
· 55% of organisations do not provide awareness training on a frequent basis
· 21% of organisations offer training monthly – a timeframe experts consider the gold standard.
· 17% of staff are only trained once per year.
How can we help you?
We can offer your organisation a complimentary phishing simulation as a free Proof of Concept (POC) of your organisation’s resilience to email-borne attacks.
Furthermore, we offer security awareness training to all staff on a regular basis, with specific focus on the staff that have fallen victim to our phishing exercise.
Kindly fill out the form below to request your complimentary phishing simulation and one of our friendly consultants will get in touch with you.
For further reading on the statistics provided in this blog, kindly follow the link to download your free copy of the Mimecast – State of Email Security 2020 Report.