Email, or electronic mail, is the single most effective and efficient commonplace method of communicating with someone in the business world today. Even as other methods of digital communication have come and gone over its 40-year history, email remains the backbone of business communications, with almost 4 billion users worldwide collectively sending 300 billion electronic messages every single day on average.
Yet email’s ever-present nature and popularity come at a price: vulnerability. With the growing prevalence and success of targeted social engineering attacks, email continues to be a disturbingly easy entry point for cyber attackers.
According to the FBI’s 2017 Internet Crime Report, business email attacks and phishing activities alone drive 48 percent of all internet crime-driven financial loss. This is more than all other business-related internet crime combined. These targeted attacks go by a number of different names – Spear Phishing, Business Email Compromise, Impersonation, Identity Theft, Malware Injection, etc. – and they move from email into core backend systems that contain customer data or even financial access.
Email security is a murky issue that lacks a solid remedy or solution. This is because phishing preys on human psychology rather than technological weaknesses. At its core, the real challenge companies must overcome to protect themselves from email threats is their users’ innate trust in corporate email. This isn’t to say that “users are the problem”; rather, it is symptomatic of a larger issue – the essential and critical balance between business operations and security.
This finding means one of two things: either the majority of working professionals believe that their work email systems are inherently secure, or they are dumping all “unwanted” emails into the single category of “spam” regardless of whether each one technically meets that definition.
This dismissal of such threats within corporate email isn’t a result of thoughtless negligence – it’s due to a single-minded focus on business efficiency and operations. The average non-technical worker uses email as a tool to accomplish their job. The volume of email that comes through without threat, in fact, works against security in this instance because it lulls them into a false sense of confidence in the medium. The result is a high susceptibility to phishing and social engineering attacks, especially as those attacks become more sophisticated. Human error often plays a role in successful breaches, and no amount of periodic security awareness training will eliminate that.
A distracted employee coupled with a convincing email from a seemingly trusted sender allows scammers to easily exploit socially engineered trust, so that the targeted employee voluntarily transfers money, personally identifiable information, or confidential and proprietary information.
With today’s complex IT ecosystem – spanning both company- and employee-owned tablets, phones, work laptops, and home computers – email access and email threats are ever-present.