FEATURE: EMAIL SECURITY
MOST ATTACKS STILL START WITH
PEOPLE BEING SOCIALLY ENGINEERED.
through a simple website screenshot that
they’ve taken, and then they’ll sit there for
five or six months to gather that information.

Isn’t the willingness to wait a new thing?

In terms of our customers and prospects we
have been talking to, cybercriminals seem to
be waiting a little bit longer now before they
craft these emails in an attempt to improve
their success rates.
Then when the attack comes it looks very
sophisticated. It looks sophisticated because
they know who the admin is, they know who’s
running finance, they know the approval
processes. They know the supply chain, and all
of those things come together, so it’s a
well-crafted email when it finally comes.

What is the impact of this on businesses?

It’s enormous. There’s so many different
use cases associated with these sorts of
cyberattacks. So, for example, if you’re a
shipping company and you’ve got ships
all over the world then you may have to fill
them with fuel, for example. An attack or a
misplaced invoice that goes to the wrong
account or to the wrong individual, but gets
approved for payment, can have hundreds
of thousands of dollars impact in that sort
of situation. There’s a thousand different
use cases where people get invoices to pay
through their supply chain that end up
costing them tens of thousands of dollars.

Do cybercriminals deliberately target senior executives?

The impersonation attacks are growing
significantly. I think quarter on quarter we’ve
seen almost 300% growth in impersonation
attacks. So that’s the biggest threat and the
biggest growing threat. So that is targeting
the CIO, the CFO, the CISO, those sorts of
people inside the organisation.

How have cybercriminals been trying to maximise their chances of success?

I think it’s understanding the workflow that’s
taking place. So it’s making sure that they
understand exactly how an invoice gets paid,
for example, and they watch those emails
come through. And then they craft them,
and then send them at the appropriate time
www.intelligentcio.com