Email concerns for Australian IT chiefs amid deluge of malicious spam

According to Network and Security equipment manufacturer Cisco, which provides services to filter and monitor corporate emails to weed out spam and security threats, around seven in ten emails were spam last month in Australia. Though many emails were caught by filters, a little managed to get through among whom a small number contained security threats.

Australian businesses lost an estimated $7.2 million to email scammers last month, warned The Australian Competition and Consumer Commission (ACCC). This report from ACCC also pointed out that Australian consumers lost around $107 million to cybersecurity agencies to monitor fraud, which included the Australian Cybercrime Online Reporting Network and Scamwatch. And that they have pointed to 53% jump in business email compromises the same year.

Of this $107 million stolen from consumers, Hacking cost some $3.3 million, while false billing and Remote Access Scams -where a computer is hijacked by a person to help you fix a supposed problem cost around $5.5 million and $4.8 million. However, the huge bags were stolen from investment scams and dating or romance scams which contributed to $38.8 million and $24.6 million.

How to identify a phishing email • Don’t believe everything you see • Beware of urgent or threatening language in the subject line • Look but don’t click • Analyze the salutation • Don’t give up personal information • Don’t trust the 'from' email address • Check for spelling mistakes • Review the signature • Don’t trust the display name • Don’t click on attachments

Source: Email deliverability company Return Path

Cisco's director of Security in Australia and New Zealand, Mr. Steve Moros said on May that, Cisco Talos intelligence group has observed about 71 percent of emails to be spam. He added that "It's harder to spot malicious emails as methods become more sophisticated. Educating yourself, and your business, on the tell-tale signs of a phishing email will help you mitigate the risk, and potentially stop malicious threats."

Cisco's Talos Intelligence group is a threat research organization inside Cisco with data scientists, researchers, and engineers that collects information on existing and developing threats. Reports from Internet Crime Complaint Centre have stated that around $US1.3 billion ($2.1b) to be lost in 2018 due to business email compromise scams. These scams are a form of email fraud in which the attacker masquerades as an above executive or c-level and attempts to trick the victim into performing illegitimate actions, like transferring them money.

Pointing to the new survey data from Cisco, Moros added Email as one of the most efficient and effective ways for an attacker to get into systems to access data. This survey points on the three-quarters of businesses left. In addition to this, 36% of surveyed IT security professionals said that they dealt with security incidents that arose as an outcome of malicious spam opened by staff, while another 27% reported that, the security incidents were results of details stolen from a phishing attack.

Despite this almost 94 % of Australian computer security professionals reported that it was "extremely, very or somewhat challenging" to defend client conduct from cyber-attacks. Moros added that only 26 percent of the Australian Chief Information Security Officer's surveyed use email security. Cisco's latest email threat report added that there were several possible reasons for this flaw while one cause could be the adaptation of the cloud. A recent study by Enterprise Strategy Group on behalf of Cisco, about 80% of respondents reported their organizations to use cloud-based email services.

And the more the organizations opt to host their email services in the cloud, the more they have to forgo the need for dedicated appliances for email security. Cisco, which also supplies such appliances says, "The need for layered protection cannot be stressed enough" as cloud-based email services like Gmail and Outlook, used by many enterprises offer only "basic security features".

Moros concluded by saying that, Email security might seem simple but is an essential security layer, especially when attackers find more sophisticated techniques to get into the organization's machines to compromise customer and business data.