Email-borne ransomware – Is your business safe?

Businesses around the world in every sector and industry are united by a single, common communication thread: email connectivity. Email communication is crucial to any business, so it’s no wonder that email continues to be the most popular attack vector for ransomware.

Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with harm, usually by denying you access to your data. The cybercriminal demands a ransom from the compromised organisation to restore access to the stolen data, but even once the ransom payment has been made, access is not always given back.

This type of email-borne attack can cause financial and reputational damage that is hard to overcome, which makes prevention of these types of attacks a major priority for all organisations. Many believe that it is only big organisations that are targeted by ransomware attackers, but the truth is any organisation, small to large, can be targeted and become a victim.

As with all malicious attacks, ransomware continuously evolves to become more sophisticated and bypass email security systems. Cyber threat actors and threat groups research and test new tactics, techniques and procedures (TTPs) in an attempt to overcome and exploit complicated technology.

In fact, in April 2020 there was a significant increase in ransomware attacks that were looking to exploit the changing working conditions brought on by the COVID-19 pandemic.

As millions of organisations adopted remote working at the start of lockdown, many left significant gaps in their IT systems. Identifying this opportunity, threat actors increased the variety and volume of these types of attacks.

The State of Email Security 2020

Research firm Vanson Bourne conducted a Mimecast-commissioned global survey of 1,025 IT decision makers to gain valuable insights into their experiences and outlook on the current state of email security.

The survey found that 50% of those surveyed in the UK had been impacted by ransomware in the last 12 months, and 62% of respondent organisations in the UK were hit by an attack that was spread from an infected user to other employees.

Of the organisations surveyed in the UK, 65% have experienced an increase in impersonation fraud in the last year. The types of impersonation fraud included spoofing CEOs, executives or other employees, spoofing customers, partners or vendors, and spoofing well-known brands. Meanwhile, 29% say they have experienced data loss due to a lack of cyber security preparation, and a massive 86% have suffered downtime from an attack. The report also found that there was a 30% increase in impersonation fraud in the first 100 days of COVID-19.

The Importance of Cyber Resilience

The current threat landscape proves that email-borne attacks such as ransomware aren’t decreasing; in reality, they are increasing. Once considered to be an issue for organisations in the health, education and public sectors, in 2020 ransomware threats are impacting organisations at every level and across a wide range of sectors.

When it comes to any form of cyber attack, prevention is always better than cure. If you can put procedures, protocols and systems in place to prevent these types of attack before they can compromise your organisation then you reduce the risk of downtime, business disruption, financial loss and damage to your organisation’s reputation.

With only 57% of survey respondents having a cyber resilience strategy in place or in the process of rolling one out, there is a significant lack of cyber resilience preparedness that could lead to an increase in the number of organisations that are compromised and exploited.

Next Steps

Book your Free Email Security Risk Assessment

Is your current email security system keeping you safe? Organisations believe they have adequate email security systems in place to keep them protected, but unfortunately many fall short.

MTI partner Mimecast is establishing a standard of transparency for organisations and raising the bar for all security vendors. It is all too apparent to Mimecast that not all email security systems perform equally.

Mimecast is offering free Email Security Risk Assessments (ESRAs). A Mimecast ESRA uses a cloud-based Secure Email Gateway service to assess the effectiveness of legacy email security systems and passively inspects emails that have been passed by the current system.

Mimecast re-inspects these emails to look for false negatives, such as spam, malicious attachments and URLs as well as impersonation attempts.

Assess your Ransomware Protection

Ransomware is a very real threat that everybody knows they are exposed to, and most organisations take the necessary steps to ensure they are protected against a ransomware attack.

But few organisations conduct a comprehensive assessment of the defences they have in place and whether they are implemented and configured correctly. And even fewer have the processes and procedures in place to successfully overcome an attack, quickly and effectively.

Our extensive experience and knowledge of penetration testing, security products and solutions and security managed services has enabled us to combine our skills, capabilities and experience to provide a single and comprehensive Ransomware Protection Assessment.

Book a call to arrange your Ransomware Protection Assessment to gain a clearer picture of the defences you have in place and the crucial steps you can take to improve them and your protection against ransomware.