We all take email for granted, like the TV and the telephone on the desk. We don’t ask how it works; we just use it, and so does everyone else in the organisation. It is a convenient, fast, easy-to-use and reliable means of communication.
According to cyber security experts, most cyber attacks start with an email message, and a campaign of just 10 emails has a more than 90% chance of at least one person falling for it.
The crooks are very clever. They have had a lot of experience, and they have expert advice on how to tempt a potential victim into responding to, say, a spear phishing attack: one targeted at an individual or a small group identified through other means, such as dumpster diving, chat rooms, theft of identities from social networks, or names taken from a mailing list bought from a legitimate aggregator.
Cyber crooks today can afford to buy some of the best, if unprincipled, brains available – top hackers, talented statisticians and data analysts. Some of them rank among the cleverest social engineers on the planet.
Any enterprise is potentially vulnerable unless it is prepared and protected, from a small SME supplier to the biggest corporations and governments. Most cyber attacks start with email messages seeking a response from individuals, whom the attackers aim to turn either into victims or into doorways into the digital systems of a company.
“Businesses often don’t realise that most cyber attacks start with an email message,” says Adrian Blount, director of cyber security products for BAE Systems Applied Intelligence, a global company that provides protection for email traffic for a global portfolio of clients ranging from governments and major corporations down to SBEs dealing with them.
“A campaign of just 10 emails has a more than 90% chance of at least one person falling for it. Whether this is a targeted spear-phishing campaign or a shotgun approach distribution of ransomware, the likelihood of success is unfortunately very high.”
One of the best defences for any company, large or small, is education of the staff, from the boss down. Tell them to be careful about responding to emails, even some that appear to come from colleagues or friends. Set rules about passwords, and set rules about company data and how not to leak it.
Perhaps above all, consult an expert in the area about issues such as Zero Day attacks, highly sophisticated criminal invasions that are unknown or have not previously been seen. Detecting them requires skilled reverse social engineering; knowledge of the criminal mind and the patterns of the predators out there in the cyber jungle. Failing to see the leopard in the tree can be very expensive and damaging. Ask anyone who played on the Ashley Madison site and had their identities stolen.
By Ross Fastuca - CIO of Locomote