With Ransomware and BEC Soaring, it’s Time to Take Control of Email Security

by Bharat Mistry

Sometimes being right is a double-edged sword when it comes to cybersecurity. Trend Micro predicted late last year that 2016 would be the year of online extortion. And lo and behold, over halfway into 2016, ransomware is breaking all records: we discovered 79 new families in the first six months of this year alone; a 172% year-on-year increase. That’s no comfort, of course, to the countless organisations around the world that have suffered at the hands of the online extortionists. Meanwhile, Business Email Compromise (BEC) scams have already netted cybercriminals an estimated $3 billion in profits.

The latest figures from Trend Micro tell us organisations in EMEA are most at risk globally from ransomware. Together with whaling (BEC) attacks, they represent a major challenge for IT security leaders and one that needs to be addressed with urgency. For those looking for some inspiration, the upcoming CLOUDSEC conference in London will offer the perfect opportunity to learn best practice in this space.

EMEA under attack
Trend Micro’ s cloud based Smart Protection Network analyses more than 100TB of data to block over 250 million threats each day for our customers. The latest stats for January-June 2016 reveal that EMEA accounts for 41% of all ransomware attacks – the largest in the world, above Latin America (333%), North America (20%) and APAC (6%). Over half (58%) of the 80 million such threats blocked during this period were email-borne – usually employing social engineering to trick the user into opening a malicious attachment. A full report is available here.

The message is simple: IT managers must invest more in employee education and awareness training. It takes just one misplaced click by a member of staff and an entire organisation could be locked out of their files in minutes. Teach them to act with caution when opening unsolicited mail and you can significantly reduce risk. When combined with advanced security designed to spot and block ransomware files before they reach the endpoint, you have the basis of a solid layered defence.

It’s not just ransomware we have to be concerned about, of course. Another major email-based threat is BEC, or whaling. Here, cybercriminals email a member of the finance team pretending to be a C-level executive, and requesting a transfer of corporate funds outside the organisation. Amazingly it continues to work. Although those in North America (41%) were most frequently targeted during the first half of the year, EMEA (29%) came in second.

Once again, combine user education with strong email security controls such as Trend Micro Network Defence and our Interscan Messaging Security Virtual Appliance to mitigate the risk of attack.

Help at hand
We’ll be discussing these and many other trends at the second CLOUDSEC UK conference in London in September. The one-day show will offer a fantastic opportunity for IT and business leaders to hear from some of the biggest names in the industry. These include Deloitte Global CISO, JR Reagan; Microsoft National Technology Officer, Michael Wignall; Trend Micro Global CTO Raimund Genes; Barclays Global CISO, Troels Oerting; and FBI Supervisory Special Agent, Timothy Wallach.

We’ll be covering everything from the latest threat trends to compliance with European data protection laws, and strategies for working with law enforcement. Sign-up now for a day of learning designed to help organisations Take Control of their cybersecurity.

What: CLOUDSEC London
Where: Park Plaza, Westminster Bridge Road, London SE1 7UT
When: Tuesday 6 September

Leave a Reply

Your email address will not be published. Required fields are marked *