The lockdown has highlighted the importance of cybersecurity as an integrated business process especially given the normalisation of remote working. But while the focus has been on safeguarding employee devices, email security has fallen by the wayside. And yet, 95% of cyberattacks leverage email as an entry point into organisational back-end systems.
Perhaps even more concerning is that last year 94% of malware was delivered by email. Fast forward to the present and the dynamic challenges of the COVID-19 pandemic mean organisations can ill afford to neglect one of the most fundamental elements of their business. But email defence entails more than just installing an anti-virus or firewall. It centres on increasing the business resilience against all forms of malware while still delivering business continuity and disaster recovery should the worst happen.
Of course, this is as much a technology problem as it is a human one. In the case of the former, organisations must be aware of not only endpoint protection, but backup storage best practice, the importance of encryption, and even recovery testing of backup data when it comes to employee emails. For the latter, it is about continual education campaigns that keep staff informed of the threats to watch out for and how to identify potential social engineering attacks.
Despite the risk to operations, many companies still believe their existing cybersecurity solutions and approaches will provide adequate defence against sophisticated threat agents. Sadly, the reality is that it is only a matter of time before they get compromised. Surviving a random virus might be relatively easy but overcoming a concerted ransomware attack is levels of magnitude more difficult.
Imagine the consequences if a business cannot recover its email data.
From customer contracts to client files, sensitive documents to contact information built up over years of engagement, none of this will be safe if a hacker locks down company data with ransomware.
Anecdotal evidence suggests that companies who do end up paying ransomware will likely need to close their doors within six months of doing so. The repercussions are far-reaching both from a financial and reputational perspectives. And then you have the likelihood that hackers would simply target the business again especially if it is known to the underground community that it pays ransomware.
Local organisations must take their email security and business resilience more seriously. Yes, there are many ‘fear, uncertainty, and doubt’ campaigns muddying the waters especially when it comes to the seriousness of the threat. But it is about taking a more proactive stance and implementing the right kind of cybersecurity solutions, updated policies to reflect business continuity requirements, and educating staff on email and other threats such as social engineering.
The business landscape will be radically different come 2021. If cybersecurity does not form part of the new environment for a company, then its chances of remaining relevant will all but disappear.