intelligent
// EDITOR ’ S QUESTION ?
ED WILLIAMS , EMEA DIRECTOR OF TRUSTWAVE SPIDERLABS
S ome of the most significant threats organisations face come in through email as it has a number of advantages as an effective attack vector for hackers , enabling them to surreptitiously launch threats such as spam , malware , phishing attacks , Business Email Compromise , account takeover and ransomware .
End users receive email messages whether they like it or not and email can be easily spoofed to appear legitimate .
Trustwave ’ s own 2021 Email Threat Report found that in 2020 the proportion of malicious attachments in spam increased , with widely used Microsoft documents , namely Word and Excel , being the most common way attackers delivered malware through email . What ’ s more , Business Email Compromise ( BEC ) scams had continued to have a significant impact on organisations .
Most recently , our research team discovered threat actors appending malicious files to an unsuspecting file format to evade detection and deliver info stealer Vidar malware to the user .
No matter the size of your organisation , protecting your email environment should be
“
NO MATTER
THE SIZE OF YOUR ORGANISATION , PROTECTING YOUR EMAIL ENVIRONMENT SHOULD BE ONE OF YOUR TOP PRIORITIES .
one of your top priorities . In order to protect the email attack surface there are a number of measures SMEs can take .
Firstly , keep software updated . Many email attacks succeed because of unpatched client software so keeping programmes , like Adobe Reader , fully patched is important . Ensure that good security practices like multi-factor authentication ( MFA ) and robust passwords are applied to email SaaS implementations . If appropriate , we ’ d also recommend that antispoofing best practices are applied .
Secondly , deploy an email security gateway to check potentially malicious or phishing links coming into corporate inboxes . Implementing software to catch malicious emails before they even reach employees is a very helpful and effective preventative measure .
Lastly , educate your users . Cybercriminals are masters of social engineering and their emails are becoming more believable by the day . It ’ s vital that organisations inform their employees on the nature of today ’ s email attacks to ensure they have their wits about them and know what to do should they find a suspicious email lurking in their inbox .
To take this a step further , conducting mock phishing exercises against your staff helps to demonstrate just how real the threat is while also highlighting how legitimate the emails can seem . �
“
CYBERCRIMINALS ARE MASTERS OF SOCIAL ENGINEERING AND THEIR EMAILS ARE BECOMING MORE BELIEVABLE BY THE DAY .
Intelligent SME . tech |
|
. tech |
23 |