cybersecurity in

(Source – Shutterstock)

State of Email security 2022: The need for cybersecurity in an interconnected future

Article by Stanley Hsu, Regional Vice President, Asia, Mimecast

Evaldas Rimasauskas managed to steal over $100 million from Facebook and Google undetected for over 2 years in a creative way; he simply emailed the tech giants and asked for the money. In 2019, he was arrested for helping to orchestrate a scheme that included setting up a fake business that impersonated Quanta Computer, a Taiwan-based company that Facebook and Google used as a vendor – and sent phishing emails to employees at both companies. This is far from the first time that a major company has been defrauded out of millions of dollars, and it will not be the last.

Today, cybersecurity is top of mind for most businesses as more people connect in virtual environments. The COVID-19 pandemic has accelerated digital adoption for organizations, but it has also simultaneously exposed cybersecurity vulnerabilities and unpreparedness. While there is a widespread dependency on increasingly complex, interconnected digital systems, growing cyber threats are also outpacing the ability for many organizations to effectively prevent and manage them. Threat actors are proliferating due to growing vulnerabilities and more connected devices, and cybersecurity and resilience can no longer be ignored.

Confronting the Dangers of Cyber Attacks

Stanley Hsu, Regional Vice President, Asia, Mimecast

In this climate, companies must remain vigilant in enforcing their cybersecurity strategies, and ensure their employees are properly equipped to better manage and mitigate cyberattacks. In Singapore, it’s been widely reported that phishing scams are a key driver for cybercrime, and email threats continue to permeate every organization at a global level. In Mimecast’s sixth annual State of Email Security 2022 report, the picture that emerges is one of increased apprehension – most companies are bracing for an email-based attack, amidst rising cyber threat levels that are also becoming more sophisticated.

Businesses and public institutions alike are in the crosshairs of a growing legion of cybercriminals. In 2021, Singapore was ranked sixth in the world for having the most databases exposed to the Web, which hackers could breach and exploit. In the same year, nearly every organization surveyed in Singapore (97%) in Mimecast’s research was the target of a phishing attack, and these attacks are becoming more frequent. Furthermore, 84% of the surveyed organizations are also receiving an increased number of email-based threats – the largest amount globally, marking Singapore as a key target for threat actors.

While security defenses that come with key platforms, like Microsoft 365, afford some protection from email-borne attacks, 93% of Singapore respondents to our survey have found them insufficient to protect against all threats, given the methods of attack are also evolving. SingCERT also reports an increasing trend of Business Email Compromise (BEC) attacks, as cybercriminals are now also adapting their social engineering schemes to better target victims. Efforts to spoof web domains and clone websites of companies are also on the rise, with companies identifying or being made aware of an average of nine attacks yearly.

Phishing attacks are among the most common threats, and data leaks, business email compromises, and ransomware attacks are not far behind. In Singapore, 83% were affected by ransomware attacks, with 52% experiencing a week of downtime or more. Of those affected, 71% made payments to retrieve lost data, and 32% of them failed to recover the data despite paying. With ransomware attacks, prevention is always the first step; organizations must take proper measures to secure their infrastructures and systems, while also formulating backup and recovery plans for critical data.

Building a Defence for Cyber Resilience

Against the gloomy backdrop of evolving cybercrime, the SOES report also reveals a hopeful development: leaders at companies and public agencies are now more attentive than ever to perennial concerns surrounding cyberattacks and are willing to spend more on strengthening cyber resilience against emerging cyber risks. This heightened awareness of the lack of cyber preparedness as a major risk factor, is ensuring 97% of companies are beginning to shift, and already have or plan to roll out cyber resilience strategies. This is also further supported by the Cyber Security Agency of Singapore (CSA), set to work closely with industry stakeholders to build greater cyber resilience.

To that end, many companies are planning to increase their cybersecurity budget this year, with IT budgets set aside specifically to ensure the organization is well prepared to meet the rising threat of cyberattacks. Cybercriminals typically capitalize on low-risk, high-reward opportunities, and cybersecurity teams need to be prepared and equipped to face evolving threats, protecting the organization from succumbing to persistent cyber threats.

Furthermore, the Verizon Data Breach Investigations Report 2022 has also found that 82% of cyber breaches were the result of human elements, such as errors, social attacks, and misuse. This implies that most security issues can be mitigated by providing effective training to reduce human error. This is backed by Mimecast’s report, finding that only 7% of companies in Singapore provide awareness training to their employees on an ongoing basis. Ultimately, greater cyber resilience can be achieved by effective and regular cyber education and training initiatives.

Towards Greater Cyber Resilience

Even as email-based threats become more pervasive, organizations can take measured steps forward to mitigate this growing challenge. Cyberattacks will not stop anytime soon, and there is no one-size-fits-all solution to resolve all issues within the cybersecurity space. However, there are clear and concrete steps that leaders can take to better prepare themselves and their organizations against potential attacks. Cybersecurity should not be viewed as just a technology solution, but rather as a combination of systems spanning technology, people, and processes. The ongoing shift from cybersecurity to cyber resilience is an important step forward in the fight against cybercrime.

 

The views in this article is that of the author and may not reflect the views of Tech Wire Asia.