Cape Town – Cyber criminals are increasing in sophistication and scale of attacks delivered primarily via e-mail, says a security company.
According to Mimecast, cybercrime in 2016 will follow from a successful 2015 which saw a number of large scale breaches.
“In 2016 we can expect the attacks to continue and to see even more advanced attacks like spear-phishing where victims are specifically targeted using their personal information. And the level of sophistication the criminals use to dupe us is also rising,” said managing director Brandon Bekker.
He said that the company’s research showed a 55% increase in “whaling attacks” – personalised e-mails that target the finance and accounting departments in organisations.
“The barriers to entry for whaling attacks are dangerously low. As whaling becomes more successful for cyber criminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow,” said Bekker.
Here are Bekker’s six tips to protect your email:
- Education of senior staff
“Spear phishing and whaling attacks are so effective because they target named individuals within an organisation. Often, they appear to come from a trusted colleague. Whaling in particular is the result of careful social engineering.”
Bekker added that senior managers in particular should be trained to delete suspicious e-mails.
- Defend your domain
“Domain-spoofing constitutes 70% of whaling attacks, so it’s important to use e-mail security services that review domain links.
“Also consider registering top-level domains that look or sound like your own so that hackers can’t exploit a similar domain name in an attack,” said Bekker.
- Make your mark internally
“Most whaling e-mails are designed to look like they come from the CEO or CFO. One simple trick to mitigate this is to use e-mail stationery on all e-mails that alerts employees to e-mails originating outside the corporate network,” Beeker added.
- Consider all your platforms
The rise of Bring-you-own-device (BYOD) means that employees access corporate e-mail from mobile devices outside the organisational structure.
“The lines between personal and corporate devices are beginning to blur thanks to BYOD and your security practices need to account for that. Whatever e-mail security technology and procedures you have in place, make sure they’re also optimised for mobile use,” said Bekker.
- Hack yourself
Organisations should ensure that they grow a security mind-set by looking for holes in the network.
“The trick is to find those gaps before the bad guys do. It’s advisable to carry out regular tests within your organisation to identify vulnerabilities. And don’t limit this to your IT systems - test your human firewall too. Look for ways to test your employee base regularly in a safe environment to support your security education programme,” Bekker advised.
- Review and revise
“Conduct a thorough audit of your finance departments’ authentication procedures. Cyber criminals excel at taking advantage of unsafe processes, so consider revising how financial transactions with third parties are conducted,” said Bekker.
- Follow Duncan on Twitter