Despite the growing number of new threat vectors, email still remains the top choice of attackers. According to the 2020 Verizon Data Breach Investigations Report (DBIR), 96% of phishing attacks are delivered via email. Additionally, almost 60% of malware attacks happened via malicious email attachments or via malicious links in email.
It’s clear that email isn’t going anywhere as a threat vector. In 2020, credential attacks targeted at company insiders cost organizations an average of $2.79 million a year – or roughly $871,000 per incident. With the rise in remote and hybrid work structures, it’s more important than ever to empower your employees to use email and cloud-based tools freely, while protecting sensitive information and intellectual property (IP).
Identify Who’s At Risk
C-Suite and board members are often high-value targets within organizations. Their VIP status, access privileges, and insider knowledge make them desirable marks for cybercriminals. But these individuals aren’t always the same targets, who are attacked most frequently or who receive the high-severity, low-volume attacks, within your organization.
Your Very Attacked People (VAP) may differ from your VIPs, depending on a variety of factors. These could range from the industry you’re in to the employee’s specific role within your company. For example, an analysis of a healthcare services provider found a variety of lower-level staff members, as well as third-party contacts and general inboxes in this VAP mix. The HR team’s inboxes were targets for ransomware, since these employees are most likely to receive legitimate attachments.
Understanding your organization’s VAPs can go a long way toward protecting these users. The security team should make an effort to understand what types of information is publicly accessible to potential attackers, including:
- Email aliases
- Names, roles, and personal information about staff members
- Insights into travel and event schedules for particular individuals
- Staff members who have high-visibility social channels and post company business
This information can be used by attackers to target VAPs. A big part of preventing these attacks is informing users about how their publicly accessible information can be used against them. Since attackers often use multiple channels, layering email protection with a cloud app security broker (CASB) can provide critical intelligence into credential phishing, brute force attacks and malware threats targeting your VAPs and their cloud accounts.
Understand How Users Are Targeted
Two prominent types of email attacks that originate with phishing are business email compromise (BEC) and email account compromise (EAC). BEC attacks ask the victim to send money or personal information out of the organization. Attackers do this by spoofing a person in authority, such as a CEO or VP of Finance. EAC can occur if a threat actor successfully tricks a victim into providing their credentials or accesses an account through other means. If an account is compromised, it can be used to move laterally inside an organization, steal data, or fraudulently communicate with your business partners or customers.
Cybercriminals are increasingly blending their attacks to span email and cloud vectors, which means organizations need solutions that combine security across all channels. Advanced email security solutions can help protect against:
- Impostor threats
- Supplier fraud
- Advanced malware
- And more
Data breaches are a common end goal of attackers threatening your email and cloud accounts. This is where a consolidated data loss prevention (DLP) across email, cloud and endpoint can stop sensitive data and confidential information from leaking outside your organization. Email and cloud DLP solutions can accurately identify PII data (such as user credentials and social security numbers), financial information (such as credit card numbers and bank details) and intellectual property. On top of that, a CASB can secure access to cloud applications such as Microsoft Office 365, Google Workplace (formerly known as Google Suite), Box, 3rd party OAuth-enabled apps and more. End-to-end, integrated solutions can prevent attacks that span both cloud collaboration tools and email – both detecting threats and stopping data loss.
You can also help prevent user error in the first place with security awareness training.
Educate Users with Security Awareness Training
Security awareness training can help educate users and avoid common mistakes, such as falling for a phishing attack. Using simulated phishing attacks can help train users and even empower your team with the ability to report and eliminate phishing threats right from their inbox. Offering just-in-time training when your users fall for an attack makes it more real and actionable – helping them avoid similar scenarios in the future.
Beyond full-time employees, consider offering security awareness training to freelancers or third-party contractors with access to corporate systems. These workers are often a common part of the modern employment landscape, yet are often overlooked from a security perspective. Considering that three quarters of insider threat incidents are caused by employee or contractor mistakes and credential theft, having a well-trained team that’s vigilant of their own cybersecurity best practices could protect your organization from a costly incident.
Protection That Spans Multiple Channels
To sum it up, email intrusions can often provide attackers with access into personal email, credentials for cloud accounts, and more. This provides attackers with a greater potential for lateral movement into stores of sensitive data and IP, enabling data loss or financial fraud.
Given the breadth of attacks and the attackers’ final goal, security teams need to layer email protection with cloud threat protection to detect account compromises across channels. In the event that an account becomes compromised, secure access and web browsing controls can ensure that attackers don’t move on to infect other accounts. Finally, DLP capabilities at email and cloud layers can catch attackers before they finally exfiltrate sensitive data and intellectual property.
If you liked this Coachable Moment, check out our past post on avoiding insider risks from cloud storage and remote work.
Subscribe to the Proofpoint Blog