3 Web & Email Security Threats Putting your Business at Risk
Posted on: 11 October 2018
Technology is always advancing, and the more it changes, the more challenging it is for businesses to protect their sensitive data and keep their network and email secure. While ensuring that your employees are cyber-security aware and understand the risks and dangers is important, you need a proactive web and email security strategy that will act as a defence barrier and quarantine any threats before they get to your network. Without this, businesses risk the spread and advance of malware, attacks on other websites, networks, and other IT infrastructures. Should cyber-criminals manage to infiltrate your business’s system, the attack has the potential to spread to every single computer on your network, making it increasingly difficult to pinpoint its origin.
Organisations need to start taking a ‘prevention rather than cure’ approach to their web and email security strategy. IT security should be the primary focus for every business - especially if they want to scale and survive in the future. A cyber-attack has the capability of destroying a business - from financially crippling them to ruining their brand image and trust, the devastating impact of a cyber-attack shouldn’t ever be ignored.
According to Microsoft, a recent survey found that a data breach cost a business the average of £2.9 million. In most cases, once an organisation has suffered this catastrophic financial loss, they can no longer afford to operate.
But what security threats are out there, and how can they impact your business? OGL has looked at three email and web security threats that are potentially putting your business at risk, and what you can do to prevent them from impacting your business.
Business Email Compromise (BEC)
Business Email Compromise (BEC) scams are one of the most common cyber security threats that are currently impacting businesses across the globe. A survey from Agari stated that 96% of businesses have received a BEC scam email in the last year, and this type of threat is expected to grow to the value of over $9 billion in 2018.
What is Business Email Compromise?
A business email compromise (BEC) is a man-in-the-email exploit where a hacker gets access to a business’s email accounts and then imitates the business owner’s identity with the aim of defrauding the company and gaining money. BEC attacks can be categorised into two main types:
Credential Grabbing BEC involves the use of phishing kits and keystroke logging in order to steal someone’s credentials and access their target’s webmail.
Email-Only BEC usually comes from someone within the Financial Department of the company being targeted. The aim of this email is simple; financial gain. The email usually looks like it has come from a company executive or manager, and it instructs the target to send money to another account (either as a personal favour or to a contractor or supplier).
Once the BEC email has been opened, the target’s email is compromised by malware that has been downloaded onto the target’s system. Once this phishing software has been actioned, cyber-criminals scour the target’s inbox for sensitive information such as banking details, passwords, usernames and any other information that may be of interest. After the cyber-criminal has the information they want, they then target the user’s contacts and repeat the process.
Mattel’s Narrow Escape of BEC
US-based toymakers, Mattel, narrowly escaped a potentially devastating phishing scam in 2016 that saw $3 million being transferred from Mattel to the Bank of Wenzhou in China. This sophisticated phishing email spoofed Mattel’s new CEO Christopher Sinclair. The attackers had undertaken thorough research about the company’s employees before they’d sent the emails. Because of this, they were able to get a clear understanding of Mattel’s corporate hierarchy and payment history. A senior executive was targeted with the phishing email that had supposedly come from Sinclair who had requested a large sum be sent to the Bank of Wenzhou for a vendor. The exec was under the impression that she was complying with company protocol when she undertook the transfer. As the transfer took place on Good Friday, the hackers weren’t able to access the money until the following Tuesday, which meant that Mattel were able to work with Chinese authorities and the FBI to get the money back before the hackers could claim it.
How to Prevent a BEC Attack
BEC is an arduous social engineering attack that requires education, understanding and sufficient barriers to countermeasure the cyber-criminal’s efforts. Should a spoof phishing email land in your employee’s inbox, they need to be able to identify this threat. However, there are further preventative measures that managers, CEOs and directors can put in place so that the probability of an attack doesn’t solely rely on the education of an employee.
When you choose to invest in cloud-based email security software, you’ll have an added barrier of protection that will quarantine any suspicious emails and potential threats in real-time. The anti-spam and anti-phishing feature means that any inbound or outbound emails that are potentially bogus, harmful or time-wasting will be quarantined and prevented from entering the network.
Distributed Denial of Service (DDoS) Attack
Distributed Denial of Service (DDoS) attacks are becoming a much more prominent cyber threat, and once again has the potential to cripple a business, as the downtime they experience might set them back considerably. According to IT Pro, there were an average of 237 DDoS attacks on UK organisations a month in Q3 of 2017, which is the equivalent to eight attacks a day. DDoS attacks on UK businesses has increased by 35% from Q2 and is up more than 90% compared to Q1 of 2017.
What is a Distributed Denial of Service?
A Distributed Denial of Service (DDoS) attack is a form of Denial of Service attack that poses a risk to businesses across the globe. A DDoS attack is when the perpetrator seeks to take down a target’s network and resources so that its intended users cannot access it. Denial of Service literally means that this attack floods the targeted resource and denies everyone else access to the affected service. In a distributed denial of service attack, this flood of traffic comes from multiple sources, making it near enough impossible to block it, as it has not come from an original source. Blackmail, revenge and activism have been common motivations for this sort of cyber-attack - one of the most famous DDoS attacks came from activist group, Anonymous.
A DDoS attack means that a website will lose traffic through disappointed visitors who won’t return to the site. They also damage the business’s reputation, impact on productivity and efficiency within the workplace. Alongside this, there will be a lack of sales during the downtime, and compensation for any damages will need to be considered.
The National Lottery - A Damaging DDoS Attack
In 2017 the UK National Lottery experienced a DDoS attack during peak time. The DDoS campaign took the National Lottery’s site and mobile app offline, stopping UK players and citizens from playing the Lottery and buying a ticket online. The attack happened at 7PM on September 30th, and lasted until 11PM. After the attack had died down, their site and website experienced minor issues until 3AM. It’s thought that a group of cyber-criminals named Phantom Squad were linked to this attack. They’d previously sent spam emails to websites demanding $720 worth of Bitcoin, or they would experience a DDoS attack.
How to Prevent a DDoS Attack
Every business needs to make sure they’re taking a prevention rather than cure approach - if your business relies on Internet-facing servers, you need to have a proactive web security strategy that will act as a defence barrier that quarantines any threats before they even hit your network. Real-time protection that’s “always-on” is the best approach, and you need to implement software that mitigates any dangers whilst:
- Allowing users to visit and use the site normally as much as possible, even during an attack
- Protecting your network from any data breaches during a potential attack
- Having a backup, alternative system to work from during the downtime
When you choose to implement web and email security software that detects, identifies and mitigates DDoS attacks and other cyber threats, you’re adding another layer of security for your business. By implementing a hybrid solution of cloud-based security and on-premise security, it means that you can detect any on-premise threats early on and then escalate it to the cloud when it’s become too big for on-premise to maintain. This is because the majority of DDoS protection solutions use DNS redirection, which means that traffic is rerouted persistently through the security software (preventing the attackers from penetrating your business’s network), and the cloud-based security software can be scaled to match the DDoS campaign. This also means that your normal users are rerouted to an alternative architecture.
The National Cyber Security Centre reported that they’d seen an “increase in malware variants [...] causing problems for UK businesses.” and that “cyber-attacks against UK business increased to unprecedented levels in 2017.” Malware has proliferated, and it’s becoming much more sophisticated as every new strand develops. In 2005 it was reported that there were 123 strands of new malware found every day. During that time, 10,000 of those strands were new strains of malware. Fast forward a decade later, research has shown that four new strands of malicious malware were discovered every second during Q3 of 2016.
What is Malware?
Malware (also known as malicious software), is a program or file that poses a threat and is harmful to a computer user. There are millions of types of malware, including ransomware, worms, spyware, Trojan horses and botnets. Sophisticated strains of malware can perform an array of functions, from hijacking computer functions to monitor a businesses computer action without permission, or encrypting and deleting sensitive data. As these strains develop and grow, managers, CEOs and directors need to ensure that they’re putting reactive security measures in place that stops malware from even penetrating your network.
Mirai - An Infamous Malware and DDoS Attack
In 2016 a botnet named Mirai scanned the Internet of Things (a network of physical devices, home appliances and items embedded with software, sensors and electronics) for vulnerable devices running on Linux that used a table of more than 60 common factory default usernames and passwords. They would then exploit and log into the vulnerable devices and infect them with Mirai malware. This malware would then increase the use of bandwidth and cause occasional sluggishness. Once the device was rebooted, it was infected within minutes and controlled remotely. After every reboot it reinfected the device. In 2016, Mirai launched multiple DDoS attacks that caused in-accessibility to websites such as Netflix and Twitter.
How to Prevent Malware
As well as educating your employees about cyber-security awareness, you need to choose the right security software that will protect your business. Ensuring that your business’s network is protected from harmful content that could potentially compromise your organisation’s network is crucial. When you choose a solution that looks for email and activity with web-borne malware in real-time, you’re adding that extra layer of protection. Implementing firewalls alongside this will also mean that you’re preventing any unauthorised activity from entering your network.
Prevention Rather Than Cure - Web and Email Security
No matter how big or small your business is, you can no longer ignore online security. Having a real-time, reactive security strategy and Disaster Mitigation and Recovery plan in place is integral to the survival of your organisation in the online world. A survey by OGL had shown that one in five (20%) businesses have no Disaster Mitigation or Recovery plan in place, but they were formulating one. Alongside this, over half (51%) of businesses claimed that they could not go for more than one working day, should the cloud systems they rely on experience downtime during a hardware failure, a DoS or DDoS attack or a data breach.
OGL's Web Security service protects your business from harmful, offensive or inappropriate content. Our comprehensive real-time traffic inspection looks for web-borne malware that could be a potential threat to your business. For that extra layer of security, our Email Security service offers protection for inbound and outbound emails. Using CensorNet's cloud-based technology, inbound and outbound emails are scanned for viruses, phishing threats, content violations and spam. By doing this in the cloud we remove the burden on your local server and can offer backup for unlimited email for up to seven years. It is up to you to put that extra protective barrier in place.