New Insights On Email Threats To Businesses

Organizations and employees need to know the signals for these scams to help prevent a breach.

Articles published April 6, 2017 by Scott Hardee

Today, our email inboxes are flooded with spam, junk, and other unproductive information that’s not relevant to our business. On top of the useless emails we get, there’s also malicious activity, such as malware attacks or phishing, which try to trick you into clicking on fraudulent content.

In fact, these kinds of attacks are gaining in popularity. Symantec reports that there’s been a 55 percent increase in phishing campaigns, and CNN Money Report revealed that there are nearly one million malware threats released each day.

What does this mean? It means that hackers are getting smarter and more persistent. In addition, organizations and employees need to know the signals for these scams to help prevent a breach.

A recent Google Security Blog post went into detail about the specific threats that plague both personal and corporate inboxes. Here’s what they found…

Most Popular Kinds of Attacks

Google identified phishing, malware, and spam as the most common types of email attacks. They then broke it down further, stating that certain inboxes were attacked more than others.

  • Corporate inboxes were more than six times as likely to get hit with a phishing attack, compared to a personal inbox.
  • Corporate inboxes were more than four times as likely to get hit with a malware attack, compared to a personal inbox.
  • Corporate inboxes were only 0.4 percent times more likely to get hit with a spam attack, compared to a personal inbox.

In all instances, corporate inboxes were more heavily targeted than personal inboxes. This shouldn’t be too surprising, considering the possible outcomes of infiltrating a business versus an individual.

Targeted Attacks by Industry

Google also broke down the various types of email attacks by industry.

Phishing Attacks Target…

  • Businesses (1.0 times as likely)
  • Nonprofits (0.5 times as likely)
  • Government (0.4 times as likely)
  • Education (0.3 times as likely)

Malware Attacks Target…

  • Nonprofits (2.3 times as likely)
  • Education (2.1 times as likely)
  • Government (1.3 times as likely)
  • Businesses (1.0 times as likely)

Spam Attacks Target…

  • Businesses (1.0 times as likely)
  • Nonprofits (0.4 times as likely)
  • Education (0.4 times as likely)
  • Government (0.4 times as likely)

As you can see, there are certain trends associated with the different types of attacks. For instance, malware predominantly attacks nonprofits, education, and government, while phishing and spam attacks mostly target businesses that don’t fall under the nonprofit, government, or education categories. This kind of information can help keep your employees aware of what they should be looking out for, and give you a better picture of where you need to bolster your security efforts.

What You Can Do About It

Along with getting the word out and making sure everyone is informed, here are two other effective ways to educate your employees and reduce your risk of a breach.

Social Engineering Assessment 

Another way to make sure you’re protected from social engineering attacks is to leverage an external social engineering assessment. The assessment will include a series of tests to see how easy it is to gain access to company networks and data.

All of these tests are done to determine how and where an organization is vulnerable to attacks. After the assessment is completed, organizations can take the necessary steps to mitigate exposure to many of the most common types of cyberattacks. In addition, they should communicate to employees how to make their workplace more secure and reiterate the information through additional training sessions.

Security Awareness Training 

A lot of breaches can be prevented if all employees are aware of the different ways that hackers try to manipulate them and access data. Making security awareness training a mandatory event for employees will be a huge benefit over time. Use this training time not only to teach employees about the different kinds of cyber and social engineering attacks, but also to show them how to thwart the attacks. Give concrete examples of actual threats, and possibly set up a test/false attack to identify employee behaviors and then provide additional training based on the outcomes.

The Safer the Better

Whatever your organization decides to do, it’s important to stay current on trends, and continually adapt your business practices to counter new processes and types of attacks. Ultimately, your investment of time and resources will be invaluable if, and when, cyber criminals try to infiltrate your network. Keeping your employee and business data secure through the right education and tools will set you up for safety, security, and success today and in the future. 

Are your employees aware of phishing, malware, spam, and other social engineering attacks?
