Picture the scenario: it’s a Friday and you’ve just got back from lunch, so you open your inbox and see that someone has updated a document in one of the Dropbox folders. You click on the button in the email which takes you to your Dropbox space – but wait a minute, it doesn’t appear to be doing that. You click it again, still unresponsive. Little do you know you have just unleashed ransomware on your computer, which then contaminates every computer in the network and seizes every file. The ransom fee of $3,500 is the least of your worries. Just like that, within a few minutes and a couple of clicks of the mouse, you have successfully infected your company with ransomware.
Now that is a horror story every managed IT services company hears on a regular basis – especially here in Australia, where the emails that come in go undetected by IT departments or managed IT support providers. Even to the trained eye it would prove difficult to identify one as a malware email. The emails have the same fonts, text, pictures, sender email address and message as the genuine ones.
A mammoth 91% of all hacks begin with an email, and 23% of people are known to click phishing links. Hackers are licking their lips every day, knowing that email is one of the best ways of getting a response from their victims as it increasingly becomes a way of life. Today, fewer people work a regular 9-to-5 from the office and more people are mobile, working from remote locations. Email plays an important part in this, so people are more reliant on it as a form of communication and, more often than not, trust levels are up – emails that appear to come from colleagues, clients and peers will often not be recognised as malware.
Flexible hours, working from home or other remote locations, job-sharing, and a growing requirement to be available around the clock means people need constant access to technology. They access their work email on their personal phone, or check personal emails and social media on work devices. Unwittingly, they’re making the workplace – and its customers – vulnerable to attack. Now, when a personal email account is breached, it has wide-ranging implications.
Worldwide spending on cybersecurity is projected to exceed $1 trillion cumulatively in the five years to 2021. Yet cyber breaches are happening more than ever. Why? Scammers’ tactics evolve and improve – leaving managed IT services providers playing catch-up and always asserting the importance of backups. The most successful methods, such as spear-phishing, can be the hardest to detect. Last year a Snapchat employee accidentally released private payroll information after falling victim to a scammer who impersonated company CEO Evan Spiegel in a ploy known as whaling. These kinds of occurrences are all too familiar to IT support firms all over the globe. It’s like easy detective work with a huge cleanup: diagnosing what happened is easy, cleaning up is difficult. The costs of cyber crime go far beyond the financial. Productivity implications, restoration costs, reputational harm, loss of IP and legal ramifications are just some of the risks.
A common example here in Australia is that of the good old fake Australia Post and DHL emails. The email has an attachment apparently containing details about a parcel en route to the recipient. But those who click the attachment actually execute a malicious Trojan downloader. The file has the potential to monitor activity on the affected system and to steal passwords and bank account information. To make matters worse, those infected with the malware won’t necessarily know they have been. It could be weeks or months down the track that they realise their bank account has been raided. While the sender appears to be ‘DHL- Services Notification’, the email has been sent from a compromised mailbox. The attachment is an ‘.exe’ or executable file – meaning it has the ability to automatically run a task. In this case, it’s a highly malicious one.
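The two giveaways in that fake DHL email, a courier display name on an unrelated sender address and an executable attachment, are things a mail filter can check before a person ever sees the message. The sketch below is an added example, not code from any product mentioned here; the `triage` function, the `RISKY_EXTENSIONS` and `BRAND_DOMAINS` lists and the sample message are all assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for illustration; tune both for your own mail flow.
RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".js", ".vbs")
BRAND_DOMAINS = {"dhl": "dhl.com", "australia post": "auspost.com.au"}

# Constructed sample message, not a real capture.
SAMPLE = """\
From: "DHL- Services Notification" <accounts@compromised.example>
To: user@company.example
Subject: Your parcel is on its way
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Details of your parcel are attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="parcel_details.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

def triage(raw):
    """Return the reasons a message should be quarantined (empty list if none)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, address = parseaddr(str(msg["From"] or ""))
    sender_domain = address.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():
        genuine = sender_domain == domain or sender_domain.endswith("." + domain)
        if brand in display.lower() and not genuine:
            findings.append(f"display name claims {brand}, sender domain is {sender_domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"executable attachment name: {name}")
        # Windows executables start with the bytes 'MZ', whatever the file is called.
        if (part.get_payload(decode=True) or b"")[:2] == b"MZ":
            findings.append(f"attachment {name} has a Windows executable header")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("QUARANTINE:", reason)
```

Checking the first bytes of the attachment as well as its name catches an executable that has simply been renamed.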
It is important in this day and age that your company has the right managed IT services provider. Ensure that they are always up to date with whatever brand of anti-malware they are subscribing you to – after all, any issue for your company is an issue for the managed services company.