Email security threats that can ruin your company's holiday season
Most people understand that retail becomes a target for cybercriminals during the holidays. But even businesses not related to the retail sector will often find the holidays their most vulnerable time of year. After all, many individuals (that is, employees) are focused on wrapping up projects before the holidays truly start or are looking ahead to the coming year with the added distraction that the holidays bring.
Businesses need to protect themselves from potential cybersecurity threats during the busy holiday season -- many of which will come in the form of the world’s most commonly used utility, email. In this post, we will take a look at some of the biggest on-premises and cloud email security threats your business faces this holiday season.
Holiday Chaos = Big Opportunities for Cybercriminals
The holiday season creates an opportune time for cybercriminals. At the office, employees are often faced with end-of-the-year initiatives and larger overall workloads. Outside of the office, they are juggling holiday parties, travel plans, gift purchasing, and a plethora of other activities. In short, they are extremely busy, have limited time, and not as attentive as they normally would be. As a result, they become far more vulnerable. For example, employees may:
- Become lax with their password security and protocols
- Lose things like phones, tablets, or laptops that have company-related information on them
- Forward documents without properly password-protecting them
- Share information unthinkingly, without validating someone else’s identity or credentials
Email, however, is likely the most common way in which your company can be targeted by a cybercriminal. While it varies a bit by industry, employees will often have a lot more to do during this time of year, and in some cases get a lot more email than they normally would. Some of these may come in via their work email, but many more will come in from personal emails that are read on devices connected to your network.
This influx of email and the clever holiday-oriented email subject lines and content that criminals dream up this time of year increase the chance of an employee clicking on a malicious link or responding to a phishing email. Even if your staff is well trained, the chances that they will follow through on that training decreases when they are distracted or in a rush to get everything done before a holiday vacation.
Just as worrisome is when employees are traveling and unable (or unlikely) to access work email, which happens more often during the holidays. Cybercriminals like to wait for periods of time in which businesses are short handed in order to launch attacks. For example, a cybercriminal may use the acquired email credentials for a CMO when that person is out of the country (perhaps made plain by their automated away message). Knowing this, the criminal sends an email from the CMO’s account to the company’s financial department requesting a wire transfer, stressing end-of-year urgency to send the money immediately, a classic Business Email Compromise (BEC) scam. Since the real CMO is out of the country and not easily accessible, he or she may not notice the email exchange until back from their holiday, when it’s too late.
The Email Security Threats to Watch Out For This Season
Businesses need to be vigilant about their email security, as email is among the easiest and most popular methods of cyberattack. The high volume of these threats greatly increases the chances that your business will become a target.
In addition to the BEC scheme described above, here are some of the most common on-premises and cloud email security threats you’re likely to experience during the 2018 holidays:
- Phishing and malware-less threats. Traditional email security products (i.e., secure email gateways) can’t always detect phishing attempts. Phishing and other malware-less threats may be nothing more than a request for system credentials appearing to come from a trusted source. A rushed employee during the holiday season may not question whether the email was really sent by their boss. Moreover, social media has made it easier for bad actors to present themselves as individuals associated with a known business partner, supplier, or customer, as they can easily see a company’s connections.
- Ransomware. While it didn’t make headlines quite as much in 2018, Ransomware continues to be a threat. The cost of not being able to operate can be millions of dollars per day for a large business, and many small businesses are not able to survive a lengthy business disruption. Cybercriminals know that the holidays are a critical time for many businesses and therefore company execs will be more likely to pay the ransom rather than being shut down while they waste time (and profits) on resolving the situation.
- Malware. Distributing other types of malware, such as key loggers, cryptominers, credential stealers, and rootkits, also are a goal of increased threats during the holidays. The impact can be accounts that are compromised, confidential data that’s stolen, or network and system performance that’s degraded. While older malware threats can be easily identified through on-premises and cloud email security, newer and more advanced threats are more difficult to detect. If your business, like many, is particularly hectic during the holidays, malware could go undetected for some time.
Your organization has to protect itself from email security threats during the holidays. But it can be difficult to do so when your -- and your employees’ -- time and attention is elsewhere. An automated solution can help. Advanced, next-generation solutions don’t just identify traditional threats such as ransomware, they also can identify the hallmarks of phishing schemes and social engineering attempts, and identify when an "employee" may be compromising sensitive information.
Next-generation cybersecurity solutions are able to automatically strip out potentially harmful attachments from emails, thereby reducing the chances that your employees could accidentally fall victim to an attack that results in your network being breached. Further, should an attack still slip through, these solutions are able to detect the anomalous network activity, enabling your security team to quickly remediate these threats before they can do harm to your company’s network and your company’s sales. Through next-generation solutions that can detect email attacks, you can prevent disruption even when employees let down their guard.
Bert Rankin is Chief Marketing Officer at Lastline. He has over 25 years of experience successfully bringing enterprise solutions to market and has repeatedly demonstrated the ability to develop market-leading brands, dramatically expand the sales pipeline, and translate customer requirements into compelling products. Prior to joining Lastline, Rankin served as Chief Marketing Officer of ThreatMetrix, where he transformed the company into the leading online fraud prevention solution.