Cybersecurity: Cyber Attacks Via Email On The Rise


Cyber attacks on the decline

Businesses and professionals can suffer very serious consequences following a cyber attack via email. According to Proofpoint’s recent “2023 State of the Phish” report, 79% of companies have suffered at least one cyber attack via email in the last 12 months, which led to approximately 7% of financial losses, while the potential average cost of the most costly attack is over 1 million dollars.

According to the report, as also covered by Ansa, in 2022 there were over 18 million emails reported by users and 135 million simulated phishing attacks sent over a period of one year.
In addition to the heavy economic costs, the damages most frequently reported by companies are downtime and interruptions to activities (44%), the loss of sensitive, confidential and business critical data (43%) and the damage caused to brand reputation (41%).
Additionally, regardless of company size or industry, organizations where remote workers account for more than half of the total have higher levels of risk or have incurred greater recovery costs. More generally, most businesses do not feel prepared enough to handle the threat of malware and viruses (34%), advanced email attacks such as account takeovers (30%) or scams such as business email compromise (28%), or even simpler threats such as spam (28%).

Solutions to defend against email attacks

On the other hand, today more than ever, e-mail is the perfect vehicle for attacks launched by cyber criminals, which is why IT and cyber security professionals, but in general all those who want to protect their personal and business data, must pay constant attention to the evolution of security threats such as phishing, ransomware and more.

Therefore, in addition to monitoring the context and dangers coming from the outside, it is important to adopt some best practices to minimize risks and exposure to cyber threats, as well as the impact of an attack. How to do it? Let’s see 5 recommended practices:

  • Increase email security levels: although most companies today have anti-spam and anti-malware filters, these systems are not always configured correctly to block malicious messages effectively. It is therefore essential that email gateway settings are checked regularly to ensure optimal performance. Security must always evolve alongside threats. Scammers continually adapt their email attack tactics to evade spam gateways and filters, so it’s crucial to have an up-to-date solution that can detect and repel targeted phishing attacks. Companies also need to integrate gateways with machine learning technologies that do more than just identify malicious links or attachments;
  • Protect user access: An effective method is to use multifactor authentication, as it provides an additional level of security that complements username and password protection. The adoption of an evolved Zero Trust strategy, in which user access to resources is constantly verified, is also useful for protecting access to one’s systems and reducing exposure to attacks using lateral movement techniques;
  • Automate incident response: An automated incident response solution helps quickly eliminate any detected threats from users’ email inboxes, thus streamlining remediation for all subsequent email messages;
  • Increase cybersecurity awareness: Raising user awareness about spear phishing attacks should be part of cybersecurity awareness training. It is important to ensure that employees are able to recognize these attacks, understand their fraudulent nature and report them. All users can be «trained» to identify attacks using a phishing simulator covering email, voicemail and text messages, which tests the effectiveness of the training and identifies the users most vulnerable to attacks;
  • Secure all data and back it up: For many businesses, data loss is one of the primary consequences of an email attack. That’s why data must be properly protected, isolated and backed up. Furthermore, you must ensure that the backup data allows for recovery in a reasonable time.

The importance of a Cyber Risk policy

It is therefore clear that email-based attacks are set to become increasingly sophisticated, capable of increasingly leveraging AI and advanced social engineering to try to circumvent security measures and obtain the data or access they desire.
However, it is possible to safeguard your sensitive data from this type of cyber attack by adopting a Cyber Risk policy. This coverage allows the insured to protect themselves from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All these services are included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.

Increasing awareness and knowledge of email-related risks and increased security are therefore the only solution that can protect companies and their employees in the future.
