This week we launched MG Academy, a series of in-person and online events to help our clients upskill in areas that affect all businesses, regardless of their geography or industry.
We kicked off by inviting James Linton and Continuum Cyber to sit down with CEO Domenic Calabretta to talk all things Cyber.
We discussed how James successfully hacked White House officials and infiltrated some of the world’s biggest banks and organisations through social engineering.
We asked our audience three main questions, which they were able to answer in real time.
- Has your business been impacted by a cyber event in the past two years?
- Are you adequately protected currently to stop an attack?
- What is your main concern in regard to Cyber Security and your business?
The data we received via the poll highlighted a few interesting points:
1. Over 50% of participants in the webinar had experienced some type of cyber incident (that was known) in their business in the past 2 years.
2. 40% of participants said they felt adequately protected, but a strong cohort (>50%) responded that they were unaware of the risk to their business and were unable to answer in a binary fashion.
3. The cohort's main concern in regard to cyber security was the risk of losing data: >40% named it as the biggest risk vector, which I personally found remarkable.
It’s often bandied about that data is the new oil and that data is the crown jewels of an organisation. In the event of a breach, losing that data has significant implications for a business, including loss of reputation, loss of confidence, loss of customers, and fines.
In fact, if we overlay IBM's recent Cost of a Data Breach report, published last month, we see that data breach costs rose from $3.86 million in 2020 to $4.24 million, the highest average total cost in the history of the report.
Additionally, it reported that data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days. Overall, it took an average of 287 days to identify and contain a data breach, seven days longer than in the previous report.
So, the costs are going up, the risks are elevated and ransomware is at an all-time high for businesses. We also know that COVID-19 has brought about several key changes in the way we all work. Remote workers will continue to be a target for cybercriminals moving forward. We also know that the attacker is the one innovating, as businesses are merely responding to that innovation.
Finally, James discussed that 95% of cybersecurity breaches are caused by human error, therefore, the focus must be on enabling education and governance around Cyber Security for your business. Whilst the idea of humans being your first layer of defence is discussed all the time, it’s still true.
If we can uplift an individual’s awareness and skillset to spot nefarious attacks, we can lower risk for a business.
So, what can you do today to get on the front foot and not be a statistic? We recommend some simple tips to be aware of.
Top 5 Tips to Identify a Phishing Email
Users all across the globe receive an average of 16 malicious emails every month! Additionally, with the host of email subscriptions that we consciously sign up for, a careful examination of an email before our response could be quite taxing.
Nevertheless, awareness is key to foiling potential attempts of stealing your confidential personal or business data. Here are some tips on how to spot a phishing email.
1. Stay Clear of any Demand of Sensitive Information via Email
Remember that a legitimate organisation would never demand your sensitive personal or financial information through an email. Moreover, a company that you usually deal with would rather direct you to a phone conversation for any information about your account. Beware of unsolicited emails that demand personal information and contain a link or attachment. It is definitely a scam!
2. Be Wary of Generic Email Salutations
Steer clear of emails (usually, marketing emails) that address you as a ‘valued member’, ‘valued customer’, ‘customer’ or ‘account holder’. One must avoid emails containing such generic salutations at all costs as they are usually spam emails. Remember that a genuine company would address you by your name.
However, some cyber conmen are avoiding the salutation part of the email altogether! So, make sure you refer to the other points in this checklist to identify if it’s malicious or genuine.
3. Check the Domain in the Email Address of the Sender
One of the most important tips to spot a phishing email is to closely examine the sender’s address. Check the domain in the email address i.e., the part that comes after ‘@’. This would give you a fair idea about the origin of the email and hence its authenticity.
Cybercrime masterminds often alter the spelling here and there to make the domain look legitimate. So, exercise caution! However, this is not a foolproof tip either, as companies often use unique or miscellaneous domains to reach out to their customers. In fact, small-scale companies rely on third-party email providers to send emails. So the dubious-looking domain may actually be a genuine one!
4. Spelling Errors Should Ring a Warning Bell
Remember one thing! Every brand and every company has a team of proof-readers and copywriters. This is to ensure that the content that they put out to customers is free from errors, factual and grammatical. Erroneous content, especially in an email to a potential or existing customer, is a huge embarrassment for the company.
Hence, it’s obvious that an email from a valid enterprise would be well written. On the contrary, one can easily identify scam emails by their grammatical and spelling errors. Obviously, hackers are no fools either! They know their target audience and such phishing emails are mostly targeted at the lower strata of the education pyramid.
5. Watch out for Unsolicited Attachments
Do you know what the most popular bait in phishing emails is? Unsolicited and suspicious-looking attachments and links. A genuine organization never sends emails with random attachments or links. They would rather direct the user to their own website to download documents or files if required.
However, companies that do have your contact details may send you white papers, newsletters, etc. as an attachment. So, again, this isn’t a completely reliable trick, although you must be wary of attachments having .exe, .scr, and .zip extensions. The best way out is to contact the sender directly in case of any doubt.
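For teams that want to automate part of this checklist, here is an added example (not from the webinar or from Continuum Cyber) that applies tips 2, 3 and 5 to a raw email and returns warnings for a person to review. The trusted-domain list, the 0.85 similarity threshold and the sample message are assumptions made up for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from difflib import SequenceMatcher

# Assumed values: a hypothetical trusted-sender list, plus the tips' own greetings/extensions.
TRUSTED_DOMAINS = {"examplebank.com", "example.org"}
GENERIC_GREETINGS = ("valued member", "valued customer", "customer", "account holder")
RISKY_EXTENSIONS = (".exe", ".scr", ".zip")

def is_trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def lookalike_of(domain):
    """Return the trusted domain that `domain` closely imitates, or None."""
    return next((t for t in sorted(TRUSTED_DOMAINS)
                 if SequenceMatcher(None, domain, t).ratio() >= 0.85), None)

def triage(raw_message):
    """Apply tips 2, 3 and 5 to one raw message; return a list of warnings."""
    msg = message_from_string(raw_message, policy=policy.default)
    warnings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_trusted(domain):  # tip 3: the part after '@'
        imitated = lookalike_of(domain)
        warnings.append(f"sender domain {domain} imitates {imitated}" if imitated
                        else f"sender domain {domain} is unfamiliar")
    body = msg.get_body(preferencelist=("plain",))
    lines = body.get_content().lower().split("\n") if body else []
    greeting = next((ln for ln in lines if ln.strip()), "")  # first non-empty line
    if any(g in greeting for g in GENERIC_GREETINGS):  # tip 2
        warnings.append("generic salutation")
    for part in msg.iter_attachments():  # tip 5
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment {name}")
    return warnings

def constructed_sample(sender, greeting, attachment=None):
    """Build a constructed test message (not a real email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "you@example.org", "Account notice"
    m.set_content(f"{greeting}\nPlease review the attached form.\n")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(constructed_sample("IT <a@examp1ebank.com>", "Dear valued customer,", "form.scr")))
```

As the tips themselves note, none of these checks is foolproof: an unfamiliar domain may be a genuine third-party mail provider, so treat the output as a prompt to contact the sender directly rather than as a verdict.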
Essentially, cyber risk is divided into three main pillars: your people, your governance, and your technology. We are here to help evaluate each of those risks to lessen the chances of an event which, as you can see, can prove to be expensive reputationally and fiscally.
Continuum Cyber is happy to offer your business a free Cyber assessment and discuss what steps you can take to get Cyber safe. Please reach out to hello@continuumcyber if you have any questions.