Mimecast recently released a report on the issues and concerns that some 1200 IT decision makers have experienced, in particular around email security.
Over the last 12 months, 67% of businesses surveyed have seen an increase in Business Email Compromise (BEC) and impersonation (whaling) attacks and a staggering 54% increase in phishing attacks on their users.
Business Email Compromise
BEC typically refers to phishing, spear phishing, invoice scams and other email fraud – think of the requests that appear to come from Apple or PayPal and ask you to visit a site that looks like the supplier's but is there to capture your credentials for criminal use.
Impersonation Attacks, or Whaling
This is all about an attacker impersonating a person in authority in your business. A typical example would be an attacker sending the business an email spoofed to look like it came from your CEO. The email is sent to the Head of Finance, with the "CEO" telling them that a new contract has been signed with a new supplier and asking them to pay £10k into this bank account by the end of the day.
There are a number of areas that businesses can review and implement to help, and there is always a product or service available. When it comes to IT and email security, though, nothing will be 100% effective.
When we consult with businesses, one of the simplest areas to review is user education. Educate your users and employees on the dangers of email-borne attacks, and help them to recognise the indicators that something isn’t quite right.
Another area for review is the processes and procedures around payments and financials. Make sure there are tested checks and processes in place that ensure the correct, authorised payments go out to the correct accounts.