FEATURE: THREAT ASSESSMENT
//////////////////////////////////////////////////////////////////////////
Email continues to be
one of the key attack
vectors for cybercriminals,
according to recent
research. Fady Younes,
Cybersecurity Director,
Middle East and Africa,
Cisco, tells us what the
main risks are and how to
mitigate these.
W
What are the most common
problems and risks for
businesses regarding
email attacks?
In May 2019, over 85% of all email was
spam. Email continues to be the number
one vector for malware distribution and
phishing, with many cybercriminals
intending to exploit sensitive information
and commit fraud.
Cisco’s 2019 CISO Benchmark Survey
discovered that 56% of CISOs find
defending against user behaviour ‘very
challenging’, with security concerns being
graded higher than other worries including
public cloud and mobile device.
A total of 70% of CISOs polled admitted
that protecting against email threats is
becoming increasingly difficult, while 75%
experienced operational impacts as a result
of criminal activity.
Scams such as Office 365 phishing have
enabled cybercriminals to steal sensitive
data, using fake sites that mimic the online
platform to trick users into giving away their details. A total of 27%
of advanced email attacks are launched from compromised email
accounts, up 7% from the last quarter of 2018.
The CISO Benchmark Survey also found that two thirds of business
email compromise (BEC) scams still use free webmail accounts, with
28% tailoring their attacks using registered domains to trick users.
Becoming increasingly sophisticated in their approach, one in five
BEC emails also include the name of the targeted recipient, creating
a perceived level of authenticity.
The consequences of malicious emails and cybercrime affected 47%
of CISOs financially, indicating the importance of education and
safety when working online. In 2018 alone, there was US$1.3 billion
in losses worldwide due to BEC scams.
Defending against
email security threats
34
INTELLIGENTCIO
www.intelligentcio.com