No discussion around cybersecurity would be complete without taking some time to consider email as an attack vector. Emails are the most utilised communication tool in the world of business and are widely used by criminals to gain access to organisations’ systems. As such, organisations would do well to have a holistic and strong strategy to mitigate against email compromises and threats, says Armata’s Product Head, Richard Frost, who hosted one of the latest Armata industry webinars called Optimising Defences Webinar Snippet – Email Compromises and Threats.
Cybersecurity business Armata, led by industry heavyweight Caesar Tonkin, has been hosting a series of industry webinars in an effort to increase the knowledge pool in the country, as security experts work towards keeping their organisations safe.
Frost says that Mimecast’s State of Email Security 2023 report revealed some sobering findings about how email-based threats continue to plague organisations. “Organisations would do well to use the report as a guide to deliver continual improvements to their cyber resilience strategies,” he says. “The rise of collaboration tools and their associated risks, budgetary constraints which impact cyber preparedness, the need for cyber insurance, and the increasing use of artificial intelligence and machine learning are all key considerations for C-suites.”
He adds: “One of the key aspects of looking at email security is to try to avoid data breach. A data breach is where a threat actor can access data, copy it, steal it, or use it maliciously or sell to a third party. About 33-billion electronic records are expected to be stolen in 2023 at a cost of $8-trillion.”
Bringing the size of the threat home to the South African audience, Frost says: “The average cost in South Africa of a data breach for an SME is R5-million, and this rises to about R35-million on average for mid-sized enterprise businesses. Globally, the average cost of a breach is about $4,3-million, and when converted to rands the size of that figure is food for thought.”
He says that there is generally more awareness about ransomware, which is good because instances of ransomware are growing year on year. One of the biggest mistakes, he explains, is thinking your organisation is safe and unlikely to be targeted. “Yes, there are targeted attacks but there are far more widespread attacks – a numbers game.”
What happens once a business is breached? “It takes an organisation 212 days to detect a breach and then a further 75 days to contain it.”
He explains that the “terrible trio” at the moment are phishing, spoofing and ransomware. “Those three are the big ones at the moment and email is one of the biggest attack vectors,” he said.
During the webinar, Frost made the important clarification that essentially, a cybersecurity strategy is about risk mitigation, which is why working with the best possible expertise is essential. “Despite best efforts, there are things that we call zero-day attacks – the first time they have occurred, and so there is always a chance of a breach. It’s for this reason that cyber insurance is a key weapon in a cyber resilience arsenal. It is a safety net for the worst-case scenario and covers incidence response. But it’s not enough to stop there, cyber awareness and cultivating good cyber hygiene in the organisation is critical,” he says.
Frost explains that all organisations need email security. However, he says that if a malicious email gets through the cracks, employees need to be equipped to recognise it and not fall for the trap. Endpoint security and network security are two other non-negotiables, as are archiving and back-ups, incident response strategies and cybersecurity. “Many organisations choose to work with cybersecurity experts so that they can get on with the business of running their businesses with peace of mind that the best possible security plan is in place.”
Given Manzini, a business development specialist at Mimecast and one of the panellists in the industry webinar, reiterated Frost’s assertion that email usage is on the rise. “The most traffic you see coming into an organisation is coming in through email. Everyone is a target, the big fish and the small fish. We like to encourage organisations to be on top of the ABC – Awareness, Behaviour and Culture. It’s crucial to build a holistic plan with email security, such as Mimecast, to engage security experts such as Armata, and to continually work on awareness and user education.”
Jarred Beckley, also from Mimecast, is a technical presales engineer. He was asked during the webinar about the practice of whitelisting emails from trusted organisations. “An organisation should understand that it is easy to send an email from any domain if you know how to, so you should always be on the lookout for spoofing. Because of this, whitelisting should be as specific as possible, and validating email is crucial. And so, organisations must be highly specific about what to bypass while still maintaining a secure environment.”
The webinar, which is available to be watched for free on the Armata website went into great detail around trends and best practice regarding the shoring up of emails in light of the relentless attack of malicious threat actors. Armata, which is passionate about knowledge sharing, has hosted a series of webinars touching on various aspects of cybersecurity, all aimed at arming businesses with the right information as they build their cyber resilience strategies.