Want to know how email became the number one attack vector for cybercriminals?
Cybercriminals increasingly use new forms of identity deception to launch an email attack to target your weakest link: humans.
Call it a case of locking the back window while leaving the front door wide open. Throughout the last year, a number of reports have surfaced about sophisticated cyberattacks that are proving all too successful at circumventing the elaborate defenses erected against them.
Call it a case of locking the back window while leaving the front door wide open. Throughout the last year, a number of reports have surfaced about sophisticated cyberattacks that are proving all too successful at circumventing the elaborate defenses erected against them.
The secure email gateway (SEG) worked for decades, no doubt. It was truly the first line of defense against email-based threats that took advantage of people and technology to enable fraud. Those of us who have dedicated our lives to improving this industry are grateful for the work of companies like Symantec and Proofpoint, which have spent years protecting people and organizations from viruses and malware spread through malicious links and attachments.
DMARC adoption rose a tepid 1% in the first quarter of the year, with the rate of growth slowing compared to the last three months of 2018, according to our latest report on email security trends. That said, nearly 90% of Fortune 500 businesses remain unprotected against email-based impersonation attacks targeting their customers, partners, and other businesses. But Australian companies lead their peers around the world in putting the public at risk.
Enterprise email architecture is evolving, which is good news for cybercriminals. Legacy secure email gateways (SEGs) simply don't provide full protection from today’s evolving and costly attacks, and cloud-based email requires a new security approach.
Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics that cybercriminals leverage to obtain money or data via identity deception. Despite the evolution and repurposing of this suite of associated tactics, one constant has remained throughout—the correspondence between scammer and victim is done, almost without exception, over email.
Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation-based detection technologies, which later evolved into sandboxing and dynamic analysis and, for a time, were very effective.
Editor's Note: This article is Part 2 in a three-part series based on findings from the Q4 2018 Email Fraud & Identity Deception Trends report. Click here to read Part 1.
Recent Dark Web activity points to a boom in assaults against financial services organizations and their customers—and why advanced email attacks via business email compromise remain cybercriminals’ preferred point of entry
A 150% increase in cyberattacks in recent months may have financial services organizations focusing on protecting corporate systems while ignoring their Achilles heel—advanced email attacks that easily bypass cyber-defenses by targeting employees and customers.