An estimated 306 billion emails are sent and received daily (source). Now consider that a little over half of those emails are classed as spam. Your anti-virus system and inbox do their best to filter out the benign commercial, promotional and unwanted junk mail, but hidden ever more cunningly within this almost unquantifiable amount of traffic are emails of a more malicious nature.
Increasing numbers of criminals are successfully exploiting email in order to launch cyber attacks on both businesses and individuals alike, capitalising on the uncertainty and confusion created by the Covid-19 pandemic. These emails can, at first glance, look trustworthy, which leads to users clicking on a link and permitting a security breach.
As a result, it’s increasingly important to understand the possible threats to your security, which we advise on below, and to adopt a proactive approach to email security.
Our tailored services provide anti-virus software solutions, security and peace of mind for both your business and residential systems. Contact one of our cybersecurity professionals to find out more.
Inbox cyberthreats and the methods used by criminals
Cybercriminals exploit and attack flaws in your security system, also known as vulnerabilities. Understanding the different types of cyberthreat, and the method(s) of attack used to implement them, is fundamental to bolstering your cyber security.
Here, we will identify some of the most common cyberthreats originating from your inbox, as well as the legal, economic and social impacts of subsequent security breaches.
The aims and nature of these threats vary, and cybercriminals often have multiple motives for interlinking attacks.
Phishing, Spear Phishing and Business Email Compromise (BEC)
Phishing is an example of social engineering by which criminals aim to fraudulently obtain sensitive data. Phishing attempts predominantly take the form of emails (or pop-ups) that appear to be from legitimate sources and generally request the verification of personal information.
As technology becomes increasingly sophisticated, so too does the complexity of email scams. Google suggested that 68% of the ‘phishing’ emails blocked by Gmail in 2019 had never been seen previously.
Phishing campaigns are sent to large numbers of recipients whilst spear phishing refers to highly targeted attacks on individuals or businesses. 91% of targeted attacks begin with a ‘spear phishing’ email according to TrendMicro.
Business email compromise (BEC) refers specifically to a specialist form of phishing whereby hackers pose as senior colleagues (CEOs for example) in order to defraud employees, customers and partners.
Spoofing and pharming
Similarly, spoofing is an act of deception used by cyber criminals in order to gain illegitimate advantage over a corporation or individual. Often used in conjunction with phishing, email spoofing is the act of using a fake, or ‘spoofed’ email header to fool recipients as to its legitimacy.
These emails often contain malware which is designed to not only infect your machine, but spread across entire networks.
Pharming (also known as IP spoofing) involves the replication of a legitimate website. It is closely tied with phishing and spoofing as links within emails will often lead to malicious websites, which are again designed to harvest sensitive information.
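An added example, not part of the original article: a header check for the spoofed-header and BEC patterns described above. The sample messages, domains, executive name and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message, org_domain, exec_names):
    """List header inconsistencies typical of spoofed or BEC-style mail."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Replies would be diverted to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # Envelope sender (Return-Path) disagrees with the From header.
    return_dom = domain_of(msg.get("Return-Path"))
    if return_dom and return_dom != from_dom:
        findings.append(f"return-path-mismatch:{return_dom}")
    # A senior colleague's name shown over an address outside the organisation.
    if display.strip().lower() in exec_names and from_dom != org_domain:
        findings.append(f"exec-name-external-address:{from_dom}")
    return findings

# Constructed sample data (not real mail, domains or people).
ORG, EXECS = "example-corp.test", {"jane smith"}
SPOOFED = (
    "Return-Path: <bounce@mailer.invalid>\n"
    'From: "Jane Smith" <jane.smith@example-corp.test>\n'
    "Reply-To: jane.smith@examp1e-corp.test\n"
    "Subject: Urgent payment\n\nPlease process today.\n"
)
BEC = (
    "Return-Path: <jsmith.ceo@freemail.test>\n"
    'From: "Jane Smith" <jsmith.ceo@freemail.test>\n'
    "Subject: Quick favour\n\nAre you at your desk?\n"
)
LEGIT = (
    "Return-Path: <jane.smith@example-corp.test>\n"
    'From: "Jane Smith" <jane.smith@example-corp.test>\n'
    "Subject: Minutes\n\nAttached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("bec", BEC), ("legit", LEGIT)):
        print(name, spoof_indicators(raw, ORG, EXECS))
```

A mismatch is a triage indicator rather than proof, since bulk mail services legitimately send with a different Return-Path domain.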
Malware, viruses and ransomware
Malware (malicious software) is a broad term which refers to code typically used by cyber attackers in order to gain access to networks, destroy or disrupt systems, or corrupt data.
Viruses are a specific form of malware, defined by their ability to self-replicate by inserting code into other programs.
Ransomware, another form of malware, essentially holds the data of an individual or business to ransom. It does so by encrypting the data and restricting access until said ransom is paid. During the first half of 2019 the number of ransomware attacks in the UK soared by 195% (source).
In 2019, 94% of all malware was delivered via email (source).
The human factor
Whether improperly trained or dishonest, both current and former employees potentially pose a risk to your cyber security. Proofpoint’s Human Factor 2019 report stated that more than 99% of cyberattacks require human interaction to succeed, and according to Verizon, 34% of data breaches involved internal actors.
From a personal or business perspective this can be devastating. Cybercriminals, having successfully collected sensitive data, are able to assume the identity of victims with numerous potential consequences. In addition to the financial cost of fraud, consider the damaging effect of an account takeover (ATO) of a business or corporation. Simultaneously both company and customer can be exploited.
Reputations at risk
A security breach in which customer data is lost or compromised is going to be detrimental to the reputation of any business. Loss of consumer confidence equates to gross financial losses.
Additionally, any disruption to services is likely to have a similar effect. Denial-of-Service (DoS) attacks aim to do just this, flooding networks or servers with information, causing them to crash. 51% of businesses experienced a DoS attack in 2018 (source).
The legal and financial ramifications of General Data Protection Regulation (GDPR) violations are also considerable. In its first year there were 144,000 complaints filed with various GDPR enforcement agencies and 89,000 data breaches recorded.
Worryingly, as of 2018 a study showed that only 50% of companies believed that they were GDPR compliant.
Since 2015 it’s estimated that cybercrime has cost UK businesses in excess of £87 billion. This figure includes the funds extorted from victims, as well as fines incurred for breaches of compliance and the cost of downtime or disruption to services.
Cybercrime is perhaps the single greatest threat to your home or business security in the modern world
To give some context as to the likelihood and severity of these threats, it’s estimated that on average hackers attack every 39 seconds, or 2,244 times a day (source).
Perhaps even more concerning is the data collected by IBM. The average time for a breach of security to be detected was 206 days, with the average time taken to contain the breach at a staggering 314 days.
Make cyber security a top priority
- Anti-virus installation
- Personal data and identity protection
- Installation, upgrades and maintenance of software
- Solutions in the occurrence of a threat
- Ongoing health checks
As we always look to further build upon our security offering, we have recently launched two new products to clients – Dark Web ID and BullPhish ID – which are highly effective solutions in addition to our partnership with ESET:
- Dark Web ID – an award-winning, proactive dark web monitoring service to protect customers from data breaches, including monitoring for stolen credentials
- BullPhish ID – provides simulated phishing attacks and cybersecurity awareness training to reduce human error
To speak with a member of our team about how best to protect your home or business call us on 01403 290321 or 01293 912321. Alternatively, complete this form and one of our cybersecurity experts will get back to you.