Email attacks are cheap, easy, low risk, and high reward. No wonder a “malicious email is the cyber spy’s favored way in.” An email security breach could impact your organization’s revenue and reputation. Protecting yourself from a breach can be daunting, given how many emails pass through your organization each week.
To Guard Against Cybercrime, Follow the Money
You can protect your organization from an email security breach more effectively if you think of cybercriminals as businesses. Their industry, however illicit, involves partnerships, specializations, and even supply chains. Adopting a competitor’s mindset helps guard against email attacks. The most common type is phishing: fraudulent emails purporting to be from a potentially relevant entity. Spear-phishing attacks are more targeted towards a specific individual or organization. One survey finds the average cost of a successful spear-phishing attack is $1.6 million. Another type of phishing attack, ransomware, can bring business to a standstill by freezing IT systems. To fight this myriad of possible attacks, consider how someone would make money from attacking your organization. Ask yourself: for what could someone demand the highest ransom? Which employees have the most financial power and access? How could someone trick them or use them to trick others? What systems, data, or business processes can your organization least afford to live without? Once you’ve answered those questions, you can employ systems and training focused where you’re most vulnerable. Success against cybercriminals is possible, but requires intense focus and a competitor’s mindset.