The life of an email hack

Everyone has witnessed the effects of an email hack, whether at work or at home. While your personal risk of being hacked may seem low, the threat to your company’s data is serious. Business email continues to be the primary security threat vector employees face—specifically, malicious email attachments and both common (e.g., spam and viruses) and sophisticated (e.g., spear phishing and ransomware) threats.

It is understood that organizations are under attack from email threats on a daily basis. But what exactly happens during a hack, and how can you keep your company’s data safe? In the example below, a phishing attack uses email as the point of entry for network access, which can lead to malware installations, credential theft and much more.

email-hack-1-crop

Source: “Data Breach Investigations Report,” 2016, Verizon

Step 1: While many threats from outside sources are blocked by email and web security solutions, by masquerading as messages from trustworthy senders, some do still make it past even the best defenses. This phishing attack targets a user via an email link or attachment.

Step 2: Once these threats make it to an employee’s inbox, there’s a good chance they will be clicked or opened. According to Intel Security, 97 percent of people worldwide can’t correctly identify a sophisticated phishing email. Once a victim interacts with the email, malware is installed on the user’s device.

Step 3: The malware now has access to the user’s desktop or other device and can access secure information from virtually any device employees access their work email from. In today’s workplace, you have to worry about more than just company-issued devices as the source of a breach. According to research from the Ponemon Institute, 67 percent of respondents cited employees using their own devices to access company data as likely or certainly the cause of data breaches. From here, the malware steals the user’s credentials. This can be done in a variety of ways, including capturing usernames and passwords when the user signs in to websites or other applications, or even monitoring all actions performed by the user on their system.

Step 4: With these credentials, the malware can access all personal, company, customer or any other confidential and previously secure information from the computer and possibly the entire network. Stolen corporate credentials and data are frequently sold on the black market because they can be used to cause both financial and reputational harm to an organization unfortunate enough to become a victim.

Defend against email threats

But what happens to a malicious email if you have advanced security protections in place? With Exchange Online and Office 365, suspicious attachments face multiple defenses before potentially landing in a user’s inbox. It also learns safe senders and allows you to customize preferences and specifically tailor them to your organization’s needs.

Suspicious emails and attachments go through multiple security checkpoints before making it to a user’s inbox.

While it is always prudent to stay on top of current trends and continue to learn about the types of threats you’ll be facing, the key to keeping company data safe is finding the right solution for your IT team and your business. Select a partner that helps you put up your best defense, using a holistic approach that combines attack protection, detection and response features to secure your organization both now and in the future.

Related content