E-MAIL SECURITY REMAINS CRITICAL FOR ORGANISATIONS’ CYBER SECURITY PRACTICES AS THREAT ACTORS EMBRACE AI

E-mail compromise still accounts for around 90% of breaches that occur within businesses on a daily basis, something that, in most instances, can be blamed on user error.

“New and evolving threats are landing in users’ mailboxes daily, particularly within the hybrid workforce context, often using phishing campaigns that rely on clever techniques and panic to get users to click on links and share credentials or sensitive information, such as banking details,” explains Gideon Viljoen, Pre-Sales Specialist: ICT Security at Datacentrix, a leading hybrid ICT systems integrator and managed services provider.

“US wireless network operator Verizon confirms in its Data Breach Investigations Report 2023 that 74% of data breaches (three out of four) involve a human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering.”

Social engineering is a lucrative tactic for cyber criminals, the report says, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as business e-mail compromise (BEC). The median amount stolen in BECs, it reveals, has increased over the last few years to $50,000 USD, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting incidents – a specific type of social engineering attack – nearly doubling this past year. With the growth of BEC, enterprises with distributed workforces face a challenge that takes on greater importance: creating and strictly enforcing human-centric security best practices.

Fighting fire with fire: User training and next-gen technology essential

“With a rapidly evolving landscape, changing attack strategies and new compromise techniques being introduced daily, it is imperative that users are trained and kept up to date on the latest campaigns and techniques being used,” says Viljoen.

“This is the most effective way of ensuring a more secure environment, with users acting as a ‘human firewall’ for organisations, and being able to spot, report and block compromise attempts. User awareness training is an excellent proactive option to assist e-mail gateway administrators and engineers in staying on top of campaigns and potential breaches.

“And further to this, a collaborative workforce between machines and humans is key to successfully stem the attack on organisations, with the use of AI (artificial intelligence) additionally providing a smarter, faster approach to protecting against e-mail phishing and breaches.

“AI is being used increasingly to run phishing campaigns and information collection, doing the heavy lifting on behalf of threat actors. A good example of this is how AI-powered chatbot ChatGPT has been used to help less-skilled cyber criminals to write malware and launch cyber attacks.

“So, having a technology in place to combat this is a necessity, and businesses cannot rely on a human alone to be able to administer and catch these threats.”

IBM’s recently launched Cost of a Data Breach Report corroborates this statement, affirming that AI and automation have had the biggest impact on speed of breach identification and containment for studied organisations. The report says businesses making extensive use of both AI and automation experienced a data breach life cycle 108 days shorter than those companies that had not deployed these technologies (214 days versus 322 days).

According to the 2023 report, the incident costs shouldered by organisations that were using AI and automation were significantly lower: on average, their data breach costs were nearly $1.8 million lower than those of organisations that didn’t deploy these technologies.

How to protect business e-mail

The best starting point for a business’s e-mail security, according to Viljoen, is to invest in an e-mail gateway solution.

“In fact, Datacentrix’s recommendation is that organisations implement an e-mail gateway solution as a first priority before looking at any other security product.”

With several toolsets available on the market, finding the best fit for your organisation is key, Viljoen clarifies. “There are full enterprise solutions, as well as small-to-medium business e-mail offerings available to provide a secure e-mail environment. These solutions offer reactive, real-time and proactive response solutions to secure the gateway.”

They also encompass a variety of functionalities that address the diverse aspects of an e-mail gateway, namely:

  • Spam filtering and blocking
  • Stationery (e-mail signatures and campaigns)
  • Anti-phishing (known bad threat actors)
  • Sandboxing (‘detonation’ of suspicious e-mails found)
  • Zero day protection (behavioural or unknown/untrusted e-mail domain)
  • Data leak prevention (internal and external sharing of sensitive information)
  • E-mail blocking (verification, blacklisting, whitelisting)
  • User awareness training and campaigns (helping users to keep up with phishing techniques and how to defend against those)

Ensuring the gateway is configured and maintained from the start is critical, with the requirement that a specialist, either an internal engineer or an expert managed services provider, enforces the policies and rules and maintains best practice standards.

“Once you have the right technology in place and capabilities are procured and enabled within the organisation, the next step is to see that the policies and rule sets are updated, checked and verified in a cost-effective way to ensure losses are minimised. Running best practice assessments on policies and rules on a frequent basis is also vital to ensure a secure gateway.

“Finally, it is critical to utilise tools, such as pen testing and auditing, to ensure that the environment is hardened and stringently tested at frequent intervals.”

Contact

For more information, please contact Francois Jacobs, Business Unit Manager at Datacentrix by emailing [email protected]