Email remains the most common initial attack route for cyber criminals. And with employees making more use of AI tools, the problem is about to get worse for IT teams.
Infiltrating an organisation via an email-based attack can happen at any level — phishing is not only targeted at senior directors. Once attackers have got an individual’s credentials then they can gain access. Once inside the network with one set of credentials, attackers can more easily move laterally and gain more permissions and fuller access. Even access to an employee’s mobile can be escalated into wider network access.
Early email fraud messages were often badly written and frankly unbelievable. Criminals relied on a ‘spray and pray’ approach – sending out thousands of messages in the hope that a few would stick. Traditional gateway defences are quite adept at dealing with these high-volume attacks. Barracuda’s own data shows that 16% of all email traffic is this sort of high-volume attack such as spam, malware, and other emails with a malicious payload. You still need gateway defences to stop these attacks as they remain a real danger.
This eBook from Barracuda outlines why traditional security gateways can’t cope, and how AI can keep you safe from phishing attacks.
Want to learn more?
Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.
To get in touch or request a demo please contact us.
Fortunately, your HR team can drive and manage change with software that monitors emails, instant messages and attachments. You can read about this shortly, but first, let’s go back a step:
The Harvard Business School defines organisational change as “the action a business takes to change any of its underlying components, such as processes, culture, people, product, infrastructure, or technology.”
In this article, our colleagues Cryoserver look at the hot topic of cultural change. Many HR departments are striving to promote equality, diversity and inclusion, and eliminate toxic behaviour and language. Not only is organisational culture important from HR and legal perspectives; it also affects your corporate and brand identities and ultimately your bottom line too.
Email security is a sweeping term, but what’s under the bonnet, and how do you protect your business from all the top email threats, including the sophisticated ones designed to slip through your secure gateway?
This eBook provides an in-depth look at today’s wide range of evolving email threats, including their risks and impacts on businesses, and how machine learning and API-based inbox defence can address the gaps in the email gateway and help provide total email protection against attacks.
Defend against sophisticated email threats that are able to bypass defences and wreak havoc using backdoor techniques, including spoofing, social engineering, and fraud.
Protect employees at the inbox level using the right combination of technology solutions and security-awareness training.
Use a multi-layered protection strategy to radically reduce susceptibility to email attacks and help better defend your business, data, and people.
Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.
To get in touch or request a demo please contact us.
Although it may be tempting to think that with data in the cloud your business isn’t susceptible to data loss, it’s still vital to add an additional security layer to protect email from spam, phishing, ransomware and other advanced cyber threats. In fact, nowadays malware is usually sent via email and hosted on cloud storage platforms.
Protecting even a cloud-oriented business from known and unknown threats is therefore critical in order to instantly stop the spread of malicious software, phishing, ransomware, spam and business email compromise (BEC) – and best of all requires no high-tech skills.
What’s the solution?
With Kaspersky Security for Microsoft Office 365, your company can protect Exchange Online, OneDrive files, SharePoint files, and Teams files against malware, phishing, spam, and other threats.
Make use of the most sophisticated technologies for your security and at the same time enjoy a quick start thanks to predefined policies and auto configuration.
Get a 6 month FREE trial!
To support remote working in this challenging time, we’re offering 6 months’ FREE protection with the very latest version of Kaspersky Security for Microsoft Office 365. This extends protection for SharePoint Online and Microsoft Teams, securing all collaboration and messaging channels within Microsoft Office 365.
Kaspersky Security for Microsoft Office 365 uses advanced heuristics, machine learning and other next-generation technologies to protect your communication and collaboration processes from ransomware, malicious attachments, spam, phishing (including Business Email Compromise) and unknown threats.
Sign up NOW for a FREE 6-month license and take protecting remote workers off your to-do list.
Click here to view the full datasheet, or watch the short video below.
Want to find out more?
As Kaspersky Gold Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.
To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.
We all read the news – impersonation-based cyber attacks are increasingly more common, sophisticated and targeted.
But what are the most common, and successful approaches that cyber criminals use to attack business like yours in the UK every day? Here are some of the most common impersonation attempts you should be on particular alert for, and make your users aware of.
Is it really your boss?
It’s never the best career move to ignore your boss, so who wouldn’t respond to a request from them? Many times, attackers don’t use complex tools or technology to try and trick you or your employee to wire money, send personal information, give up account credentials, etc. They simply research both you and your employees/manager by checking out social media accounts like Facebook, LinkedIn, or your company’s “About” section. From there, they craft the perfect email (or strings of emails) that legitimately appear to be sent from a trusted source. These messages typically do not contain malicious links or attachments, making them very difficult to detect with traditional email security solutions.
Impersonating popular business apps you use every day
Almost every business uses some sort of web-based application to help manage day-to-day workloads and tasks. Attackers are well aware of this and target trusted web services like Gmail or DocuSign as a way to lure unsuspecting victims. These attacks often try to get you to give up account credentials or click on malicious links. For example, you may receive an email informing you that you have unread messages, to reset your password, or to review or sign a document. From there, you’re taken to a fake website portal and accidentally give up your login information. These crooks will then use this to commit fraud or to launch a more targeted attack within your organisation.
Impersonating your Office 365 account
Most businesses use Microsoft’s popular cloud productivity service; however, familiarity can sometimes be a bad thing. There’s an inherent trust from users when they see an email directly from Office 365, and attackers are capitalising on this trust. They craft emails that ask you to log into a seemingly “valid” web portal. From there, they can gain access to your account and proceed to send malicious emails to your co-workers. What do these particular emails usually contain? You guessed it—a message asking for more sensitive company information or money. Even though Microsoft Office 365 is still a relatively new tool, attackers recognise that it houses a rather large and growing user base, so they plan on taking full advantage.
Secure your business
While we’ve all seen the headlines of data breaches such as British Airlines and Marriott, don’t be lulled into thinking that small and medium sized business aren’t also at risk.
Email is the leading source of modern cyber-threats which makes selecting the right enterprise email security is critical to your business success – this is vital even if you’re using Microsoft Office 365 as we discuss here.
Don’t miss what Forrester Research is saying about enterprise email security – Barracuda has been named a leader in the recent Forrester Wave Enterprise Email Security report.
Email account takeover and lateral phishing represent a growing threat to enterprise UK businesses. In this blog we look at recent findings into Spear Phishing and how it can be used to take over business email systems and access critical data.
How do cyber criminals exploit businesses?
Attackers follow four primary strategies to choose target recipients of lateral phishing attacks. In about one-third of email account takeover attacks, cybercriminals use additional deceptive behaviour to make their lateral phishing emails stealthier or more convincing.
A recent report from Barracuda takes an in-depth look at how compromised email accounts are being used to launch targeted lateral phishing attacks that are designed to evade many existing email protection systems, and which advanced detection techniques, security awareness training, and other strategies and solutions businesses are using to prevent attacks.
A closer look at evolving threats
Barracuda’s research uncovered fresh insights into how these popular attacks are evolving and the tactics used by cybercriminals to try to make them successful. The main findings are as follows:
1 in 7 businesses experienced lateral phishing attacks in a seven-month period, based on a random sample of enterprise organisations.
More than 60 percent of organisations that were attacked experienced multiple incidents.
About 11 percent of attacks managed to successfully compromise additional employee accounts.
42 percent of the lateral phishing incidents weren’t reported to the organisation’s IT or security team.
More than 55 percent of the lateral phishing attacks targeted recipients with some personal or work relationship to the hijacked email account.
37 percent of lateral phishing attacks used tailored content that was enterprise-oriented or highly specific to the victim’s organisation.
“Email threats, including account takeover and lateral phishing, continue to evolve, and cybercriminals continue to find new ways to execute attacks, avoid detection, and trick users,” said Mike Flouton, vice president of email security at Barracuda. “Staying ahead of these types of attacks requires an understanding of the latest tactics being used by cybercriminals and the critical precautions available to help defend your business.”
Find out more
Barracuda’s latest report, titled Spear Phishing: Top Threats and Trends Vol. 2 – Email Account Takeover: Defending Against Lateral Phishing, reveals new details about these growing and evolving threats, including the latest tactics used by cybercriminals and the critical precautions to help defend your business.
The report shows you:
How compromised email accounts are being used to launch targeted lateral-phishing attacks that are designed to evade many existing email protection systems and fool internal and external recipients
Why attacks are becoming more sophisticated, stealthy and successful and how to stop them as they become harder to detect
Which advanced detection techniques, security awareness training and other strategies and solutions businesses are using to prevent attacks
Secure your business
While we’ve all seen the headlines of data breaches such as British Airlines and Marriott, don’t be lulled into thinking that small and medium sized business aren’t also at risk.
Email is the leading source of modern cyber-threats which makes selecting the right enterprise email security is critical to your business success – this is vital even if you’re using Microsoft Office 365 as we discuss here.
Don’t miss what Forrester Research is saying about enterprise email security – Barracuda has been named a leader in the recent Forrester Wave Enterprise Email Security report.
Spoiler warning – they have all experienced cyber attacks in recent years.
British Airways and Marriott International are the latest organisations to have made unwanted headlines this week with a total of almost £300 million in fines handed out to the pair by the ICO.
It prompted us to think back to some of the other big security breaches that have occurred in recent years, and to again question how prepared the majority of businesses really are for cyber attacks.
This isn’t meant to be an exhaustive list, but it’s some of the big names that either affected UK firms or UK consumers (or both).
Superdrug
20,000 customer details breached, and hackers attempted to blackmail the pharmacy chain.
Equifax
Personal data from 145 million people stolen from the credit reference company.
Yahoo
Every single one of Yahoo’s 3 billion accounts worldwide was hacked in 2013 (and details emerged in 2017).
WannaCry
The famous global ransomware attack affected more than 150 countries and 300,000 devices, targeting companies running outdated Windows software.
Uber
In 2016 hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until the following year.
LinkedIn
Over 160 million accounts were compromised, and the leak was found to have been occurring for 4 years up to 2016.
eBay
145 million members’ personal details stolen in 2014. eBay’s response caused almost as much concern as the hack itself.
You can read more of the hacks in this excellent article from the BCS.
Secure your business
While these are all household names and therefore make the headlines, don’t be lulled into thinking that small and medium sized business aren’t also at risk.
Email is the leading source of modern cyber-threats which makes selecting the right enterprise email security is critical to your business success – this is vital even if you’re using Microsoft Office 365 as we discuss here.
Don’t miss what Forrester Research is saying about enterprise email security – Barracuda has been named a leader in the recent Forrester Wave Enterprise Email Security report.
Using Office 365 for your business productivity tools certainly has many advantages; easy, user-friendly accessibility from anywhere and at anytime, simplified email access, and reduced costs of business operations and management.
However, the migration and use of Office 365 isn’t without security risks. In this article we look at 5 of those risks, and how your organisation can get best in class protection from ourselves and Barracuda solutions.
1) Defend your Office 365 environment against email-borne threats
Barracuda Essentials for Office 365 stops spam, viruses, and known malware using signature-matching that leverages Barracuda’s vast global threat intelligence system, which gathers real-time threat data from millions of collection points around the world. It also includes a subscription to Barracuda Advanced Threat Protection—a cloud-based service that uses a multilayered architecture with a CPU-emulation sandbox to detect and block new (zero-day) and advanced, evasive threats before they touch your deployment.
2) Prevent data loss and theft
Outbound email filtering protects sensitive data against accidental or deliberate leaking. You can define keywords to look for, along with specific types of data (social-security and credit-card numbers, for example). And if your users have inadvertently allowed their systems to be used for botnet spam, Essentials ensures that outgoing spam and viruses are blocked.
Sensitive emails can be manually marked for encryption, or you can set up rules to automatically encrypt emails based on the sender, content, and other criteria. Your Office 365 emails are sent to the Barracuda Message Center for 256-bit encryption in the cloud. They remain encrypted via Transport Layer Security (TLS) until they reach the intended recipients.
3) Discover latent threats in your mailboxes
The email files stored in your Office 365 environment almost certainly include latent threats—malicious URLs and attachments that are just waiting for a single distracted click to launch an attack on your network. Given the volume and variety of threat-bearing emails, it’s not realistic to consider a manual approach to finding and deleting them all.
The Barracuda Email Threat Scanner is a cloud-based service available to anyone, at no charge. It scans your Office 365 email folders using advanced analytic techniques. It then delivers a report that details all the latent threats, including risk levels, affected users, and more. The information not only lets you clear out the latent threats in your environment; it also gives you the insights you need to adjust or improve your email security policies and strategies to reduce the chance of more malicious email getting into your system.
4) Don’t fall victim to phishing, brand hijacking, and domain fraud
The most sophisticated email-based attacks are the ones that personal. Attackers convincingly impersonate legitimate businesses, colleagues and even customers to obtain sensitive data and money. Barracuda Sentinel uses artificial intelligence engine to add real-time defense from email-based fraud.
Barracuda Sentinel automatically learns the unique communication patterns of each individual organisation. It uses this knowledge to find anomalous signals in the attributes of the incoming message’s metadata and content. It also adds DMARC (Domain-Based Message Authentication Reporting & Conformance) to track potentially sensitive emails being sent from your organisation.
5) Turn employees into a line of defence against phishing attacks
Phishing attacks are more convincing than ever, and they can be difficult to spot. To complicate matters, the attackers are targeting unsecured personal mail accounts more than ever. As a last line of defence, employees need to get better at spotting socially engineered spear phishing attacks.
Barracuda PhishLine provides leading-edge user awareness training to counter sophisticated phishing and socially engineered spear phishing attacks. PhishLine helps your users sharpen their anti-phishing skills with advanced phishing simulations along with end-user testing, reporting, and comprehensive metrics that let you take prompt and meaningful action against threats.
How can I find out more?
As Barracuda Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.
To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.
With cybercrime on the rise and more and more employees and contractors working “on the go”, it’s more important than ever to have the right email security in place for your business.
From your inbox to your employees, you need to know that every avenue a hacker could take is blocked. But with increasingly sophisticated attacks, that’s easier said than done.
Barracuda Total Email Protection ensures your organisation is secured against email-borne threats. Its multi-layered approach combines the most advanced protection available with the radical simplicity and ease of use that Barracuda’s known for.
How easy is it to deploy?
From the IT department’s perspective, you can also avoid the integration chores, uncertain support, and risk that come with building your own solution using point products from unproven startups. The full portfolio of data protection capabilities provides resiliency, and easy recovery from ransomware and accidental data loss, leaving your firm’s email security in the very best hands.
Want to give it a try?
If you would like to try the solution for yourself, please click here to request your free evaluation.
Further information
The below assets are available to make sure your business is well informed – and safe.
Whitepaper: When Reputation is Not Enough
Whitepaper: Comprehensive Email Filtering
Infographic: Know Your Threats
As Barracuda Diamond Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.
To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.
from anywhere and at anytime, simplified email access, and reduced costs of business operations and management.
