This October marks the 15th year of National Cybersecurity Awareness Month, which is designed to highlight the new threats that have emerged and how we are combating them to protect businesses and consumers alike. That makes this an ideal time to reflect on the recent past and forecast the near future.
One of the most important cybersecurity stories of late is that small businesses are increasingly becoming the targets of hackers. Smaller organizations can still be valuable targets, and they often have fewer security measures in place. The U.S. House Committee on Small Business recently highlighted this issue and warned that it’s likely to get worse. Additionally, the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act recently passed guidance for small businesses on the urgency and necessity of cybersecurity.
Business email compromise, or BEC, is one of the most common ways hackers target small businesses. Hackers pretend to be someone else in an email — a supplier, for example. Then they request payment to a new account under some phony pretenses. It sounds too simple to ever work, but in 2017 alone this scheme caused $675 million in damage
. Unfortunately, these scams are likely to become more common and more damaging, along with a wide range of other attacks.
The current cybersecurity landscape is troubling, but it’s not all bad news. In June, a coalition of international law enforcement agencies took down a 74-member hacker crew
carrying out BEC schemes. Hackers had operated with relative immunity for many years. This arrest suggests that law enforcement is getting better at finding, catching, and ultimately prosecuting cybercriminals.
Regardless of what the future brings, companies should continue to be vigilant and regularly review their cybersecurity measures. With October being Cybersecurity Awareness Month, why not review and improve those measures now?
Proceeding With Caution
We recently saw Google shut down its flagship social network, Google Plus, after a major security breach was uncovered. This comes in the wake of large-scale breaches at Equifax
, Facebook, and a slew of others. With so many high-profile organizations falling victim, it’s easy to conclude that no one is safe. But that doesn’t mean cybersecurity is impossible.
Hackers look for low-hanging fruit. They want to use the cheapest, easiest, and most effective attacks available to steal as much as possible in the shortest time. That means cybersecurity is less about preventing every conceivable attack and more about preventing the most likely attacks.
Focus on the email inbox first. The average inbox gets used all day long, and many emails contain malware, ransomware, phishing scams, or BEC schemes. If just one employee in your organization clicks on a malicious link or downloads a malicious attachment, it could put the entire IT infrastructure at risk.
Protecting an inbox from the most common attacks takes a multi-layered approach to advanced threat protection. Using ZixProtect
for email security keeps your employees from even opening a malicious email, let alone clicking or downloading anything malicious by catching email attacks before they enter the inbox.
Zix filters analyze the source and content of emails to recognize threats and are constantly updated to defend against new threats. Plus, this solution is designed to minimize false positives and deliver legitimate email so that your employees don't have to disrupt their workflow to hunt through a quarantine.
Machine learning, traffic analysis, and real-time threat analysts bolster ZixProtect. Organizations can use our URL rewrite and sandboxing capabilities to further strengthen their email protection against the ever-increasing sophistication of email attacks.
It's critical that email security also include email encryption
. Email contains an immense amount of sensitive data, and it is relatively easy to intercept a message in transit as email on average hops through 22 stops between a sender and receiver. Encrypted email makes the message and any attachments unreadable so that hackers can't steal sensitive information.
The last key component is archiving. With a tool like ZixArchive
, your organizations can retain email and other communication channels and have backups in the event that your network is compromised.
With these three tools in your arsenal, you can defend against the vast majority of threats. And once hackers realize you’re not an easy target, they will likely shift their efforts elsewhere.
Putting Cybersecurity in Context
Defending against attacks is just one aspect of cybersecurity. You also have to consider the ease of use of your cybersecurity tools. If you create a burden for your employees, your defenses could be as disruptive as an actual attack. Whereas security that skips the hassles increases adoption and use, strengthening your organization.
The consequences are just as complicated. Losing money or data is consequential, but so is getting fined by regulators or branded as an unsafe company. The damage of cyberattacks starts faster, cuts deeper, and lingers longer than most people realize.
Cybersecurity Awareness Month is about putting these threats in context. And while it’s important to acknowledge the many risks, it’s just as important to remain hopeful. Cybersecurity takes time, effort, investment, and adjustment — and a positive attitude. You can do it. The companies that learn the lessons of yesterday and start preparing today will come out stronger tomorrow.