Emails are a necessary component in today’s business world and a point of concern for any IT department. Cyberattacks are becoming more frequent and damaging and one of the ways attackers gain access is with Phishing emails.
According to Verizon’s Data Breach Investigations Report for 2020, the top threat action in breaches is caused by phishing. The tactics used in these emails are becoming more sophisticated, making them difficult to guard against. CDOTrends.com lays out the types of email threats that are impacting businesses:
- Tricking users into divulging sensitive information through social engineering tactics
- Business email compromise where the scammer impersonates a member of the organization for the purpose of fraud
- Account takeover where the fraudster, after stealing login credentials, impersonates the account holder. “Gmail accounts are used to launch 47% of BEC attacks.” (Forbes-May, 2020)
How can an IT manager negate these nefarious ne’er-do-wells? RSISecurity.com has some guidance:
- Educate employees on what to look for when it comes to phishing emails
- Training employees about cybersecurity
- Keep employees up to date with periodic emails with tips on how to keep themselves and the organization safe
- Enforce strong passwords and email policies
There is only so much an organization can do to protect from phishing scams. PEBKAC errors are the grease that makes the IT department run (and die a little on the inside). As long as organizations have employees and those employees use email, there will always be a risk to mitigate.
2020 DBIR Results & Analysis. (n.d.). Verizon Enterprise. Retrieved June 30, 2020, from https://enterprise.verizon.com/resources/reports/dbir/2020/results-and-analysis/
Forbes-May, J. (2020, June 1). Beware of Increasingly Sophisticated and Costly Email Threats. CDOTrends. https://www.cdotrends.com/story/14861/beware-increasingly-sophisticated-and-costly-email-threats
Security, R. S. I. (2019, September 5). Email Security Tips for Employees: How to Keep Your Organization Protected. RSI Security. https://blog.rsisecurity.com/email-security-tips-for-employees-how-to-keep-your-organization-protected/