There’s no debate that phishing attacks are on the rise. In fact, 90% of data breaches start with a targeted email attack. However, relying on legacy email security tools simply does not work when faced with the trifecta of business email compromise, malicious URL delivery, and malware/ransomware attacks. Modern cloud email platforms require a modern email security solution that can protect against spear phishing and social engineering attacks.
Here are four common misperceptions or “myths” about email security and a brief explanation to dispel them.
1. Microsoft or Google Will Fix It – Two tech giants in charge of billions of corporate mailboxes will surely find a solution to spear phishing, right? Both Microsoft and Google do a tremendous job addressing the security challenges presented by their own infrastructure, such as data loss from someone hacking into a server or stealing information from a physical data center.
Think of Microsoft and Google as property management companies for a residential building. They can try to secure the property by installing cameras and modern entry systems, but if a tenant gives their keys away and has their condo robbed, there’s not much the management company can do. Phishing will always be the purview of individual businesses.
2. Our Secure Email Gateway (SEG) Will Protect Us – Email gateways have seen their efficacy erode as enterprise infrastructure has migrated to the cloud. SEGs route mail through their systems, analyze it to see if the emails are “good” or “bad,” and then deliver or block it. By making it a binary decision, these tools allow phishing emails to reach employees at an alarming rate. Cybercriminals craft their attacks with SEGs in mind, knowing they have difficulty catching phishing or social engineering attacks.
3. Security Training Will Keep Us Safe – Training is certainly a part of compliance, but it has not proven to be effective at preventing data breaches. That’s because, according to a recent CSO article, ⅔ of inbound phishing attacks use a company’s own domain name in the ‘From’ field, making them extremely hard to detect. A well-crafted phishing attack delivered to the right person at the right time will work regardless of the time, resources and effort invested in training them. Employees are soft targets.
4. We Haven’t Been Owned (Yet) – The phishing epidemic will continue — it has proven to be an extremely effective attack vector. And there is no such thing as a company that is too small or inconsequential to be the target of a cyber attack. The Ponemon Institute hammered that point home when they unveiled research that showed there was a 27% probability that a US company will experience a breach in the next 24 months that costs them between $1.1 million and $3.8 million. Just because a cyber criminal hasn’t tested your business’ email security posture yet does not mean you shouldn’t be ready when the time comes.
Learn more about these common misperceptions in our most recent webinar, 4 Reasons Why It’s Time to Rethink Email Security. Also hear GreatHorn CEO Kevin O’Brien explain how targeted phishing attacks work, how they’re evolving and what can be done to protect important assets from business email compromise.