Cyber attacks on the decline
Businesses and professionals can suffer very serious consequences following a cyber attack via email. According to Proofpoint’s recent “2023 State of the Phish” report, 79% of companies have suffered at least one cyber attack via email in the last 12 months, which led to approximately 7% of financial losses, while the potential average cost for the most costly attack is over 1 million dollars.
According to the report, as also covered by Ansa, in 2022 there were over 18 million emails reported by users and 135 million simulated phishing attacks sent over a period of one year.
In addition to the heavy economic costs, the damages most frequently reported by companies are downtime and interruptions to activities (44%), the loss of sensitive, confidential and business-critical data (43%) and the damage caused to brand reputation (41%).
Additionally, regardless of company size or industry, organizations where remote workers account for more than half of the total have higher levels of risk or have incurred greater recovery costs. More generally, most businesses do not feel prepared enough to handle the threat of malware and viruses (34%), advanced email attacks such as account takeovers (30%) or scams such as business email compromise (28%), or even simpler threats such as spam (28%).
Solutions to defend against email attacks
Today more than ever, email is the perfect vehicle for attacks launched by cyber criminals. This is why IT and cyber security professionals, and more generally anyone who wants to protect their personal and business data, must pay constant attention to the evolution of security threats such as phishing, ransomware and more.
Therefore, in addition to monitoring the context and the dangers coming from outside, it is important to adopt some best practices to minimize risks and exposure to cyber threats, as well as the impact of an attack. How? Here are 5 recommended practices:
- Increase email security levels: Although most companies today have anti-spam and anti-malware filters, these systems are not always configured correctly to block malicious messages effectively. It is therefore essential that email gateway settings are checked regularly to ensure optimal performance. Security must always evolve alongside threats. Scammers continually adapt their email attack tactics to evade spam gateways and filters, so it’s crucial to have an up-to-date solution that can detect and repel targeted phishing attacks. Companies also need to integrate gateways with machine learning technologies that do more than just identify malicious links or attachments;
- Protect user access: An effective method is to use multifactor authentication, as it provides an additional level of security that complements username and password protection. The adoption of an evolved Zero Trust strategy, in which user access to resources is constantly verified, is also useful for protecting access to one’s systems and reducing exposure to attacks using lateral movement techniques;
- Automate incident response: An automated incident response solution helps quickly eliminate any detected threats from users’ email inboxes, thus streamlining remediation for all subsequent email messages;
- Increase cybersecurity awareness: Raising user awareness about spear phishing attacks should be part of cybersecurity awareness training. It is important to ensure that employees are able to recognize these attacks, understand their fraudulent nature and report them. All users can be “trained” to identify attacks with a phishing simulator covering email, voicemail and text messages, which tests the effectiveness of the training and identifies the users most vulnerable to attacks;
- Secure all data and back it up: For many businesses, data loss is one of the primary consequences of an email attack. That’s why data must be properly protected, isolated and backed up. Furthermore, you must ensure that the backup data allows for recovery in a reasonable time.
The importance of a Cyber Risk policy
It is therefore clear that email-based attacks are set to become increasingly sophisticated, capable of increasingly leveraging AI and advanced social engineering to try to circumvent security measures and obtain the data or access they desire.
However, it is possible to safeguard your sensitive data from this type of cyber attack by adopting a Cyber Risk policy. This coverage allows the insured to protect themselves from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All of these services are included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.
Increasing awareness and knowledge of email-related risks and increased security are therefore the only solution that can protect companies and their employees in the future.
