Email is still the top security vulnerability and the email threats are expected to increase in the coming days and months. According to a survey, 83% of all the email attacks analysed are focused on brand impersonation and the finance departments are the most targeted by email-borne cyber-attacks, according to 57% of respondents. However, 32% said customer support was their most attacked department, which could indicate a new trend for would-be attackers. However, it has cautioned that switching to instant messaging is not necessarily a solution in the longer term. This “new normal” has catalyzed the adoption rate of digital technology in both India and globally. Work from home (WFH) and prolonged lockdowns have taken almost every interaction, engagement and transaction online, and increased the vulnerability of businesses to cyber-attacks.
Despite the advancement of security systems today, phishing continues to be one of the most common threats experienced by enterprises. While the scenario continues to change, hackers and threat actors continue to stay busy too. For attackers, this is an opportunity. They continue to seek and take advantage of the disruptions – whether it is a natural disaster, major business adversities, government unrest or as in this case, a global health crisis. A significant percentage of employees working from home were not necessarily in a secure environment. The risk is higher as a huge amount of data is vulnerable to external servers.
Secondly, with the growing number of online communications, email remains a top security concern or for some a weakness in 2020. When it comes to email security, classic measures like the latest antivirus software will never block cyber-attacks especially advanced social engineering attacks. Currently more than 90% of cyber attacks have been launched by an email and email is still the weakest in the security chain.
The cyberspace in India needs to always be on high alert, and organizations need to be on the look-out for two escalating risks brought about by this evolving event. First, the large increase of phishing and social engineering campaigns that use public fear to enhance their effectiveness. Second, the increased risks due to Work From Home employees and an increase in online transactions. Staring from healthcare to logistics, every industry is impacted by the threat to their data. In this current situation, when there is a pool of information that is passed through emails and the cloud, healthcare operations, related manufacturing, logistics, and administration organizations, as well as government offices involved in responding to the crisis are increasingly critical and vulnerable to disruptive attacks such as ransomware.
The threat is induced as cyber espionage actors are seeking to collect intelligence and to deliver malware in an effort to establish a foothold into the corporate network through phishing tactics. This could lead to affecting an entire security system with just a click.
As email is a primary attack vector, organizations must continue to focus on both building user security awareness and hardening their technical mitigation and detective controls. Today, both organizations and individuals need to be well versed with the measures to be taken in order to protect and secure data from external threats which could impact internal systems and operations. In an ever-mutating threat landscape, a robust security awareness program remains a key defense tactic in protecting against email-based phishing threats.