intelligent

The biggest threat

Phishing is still the most dangerous threat vector around . Why ? Because it takes advantage of the perceived weakest link in the SME security chain – your employees . Tricking them with spoofed messages to unwittingly download malware or hand over their corporate log-ins , cybercriminals can launch a range of attacks – from ransomware to serious data breaches . These risks have arguably been even more pronounced during lockdown . Staff may be more distracted at home and therefore more likely to click without thinking first . Or they may be using less well-secured home networks and personal devices , and / or sharing these with members of the household who engage in risky online behaviour .

Moving laterally

If attackers manage to hijack users ’ corporate email accounts , they could also move ‘ laterally ’ between inboxes by sending out phishing emails to a victim ’ s colleagues . As they genuinely come from a trusted source , these phishing attempts have a high chance of success for the attacker . This tactic is often used during Business Email Compromise ( BEC ) attacks . These typically don ’ t involve malware , so are harder for email filters to spot . Instead , an attacker masquerades as a CEO , senior exec or supplier , emailing someone in the finance team or similar to urgently request a transfer of corporate funds . The trick looks more convincing if the email comes from a genuine CEO inbox , which has been hijacked by attackers . Such attacks cost global organisations an estimated US $ 1.8 billion in 2019 , half of the total lost to cybercrime that year .

Layering up security

Many SMEs today rely on flexible , simple-to-use cloud-based email systems such as Microsoft 365 ( Office 365 ) or Google Workspace ( formerly G-Suite ). However , you may be surprised at how many suspicious emails these platforms ’ built-in security filters allow through . Trend Micro blocked over 6.5 million such threats in 2020 alone – a reminder that multilayered defence is needed to mitigate emailbased risk . We ’ d advise SME owners to look for a security provider that offers :

• Native integration with the messaging vendor via simple API . This will mean they can secure not only email but also OneDrive , SharePoint Online and other productivity tools

• Anti-malware and URL reputation checks

• Document exploit detection and sandbox analysis

• Machine Learning-powered capabilities to spot sophisticated malware and BEC attempts and credential theft sites

Next , enhance these cloud-based defences with endpoint security for user devices , as this is where any threat will land . Alongside these technology measures , improve cyber awareness training among staff with free tools that run phishing and BEC simulations . As part of best practice cyber hygiene , employees should also be taught how to securely manage their passwords and use multi-factor authentication for log-ins if possible . This will add yet another layer of defence in there to foil determined attackers .

OF THE NEARLY 63 BILLION CYBERTHREATS TREND MICRO BLOCKED GLOBALLY LAST YEAR , OVER 57 BILLION ( 91 %) WERE EMAIL- BORNE .