ENABLING PEOPLE AS THE SOLUTION
Emails are our biggest vulnerability. Cyber Security covers a wide range of products and solutions for different threats, yet 91% of all cyber-attacks begin with a phishing email to an unsuspecting victim (Deloitte). An average employee sends and receives 126 emails per day, a number that is increasing by 3% each year. Translated into hours, this accounts for roughly 3 hours a day, which in turn means that the average professional spends 28% of the workday reading and answering email (The Radicati Group Inc., 2019). Cyber criminals are aware of that fact; email threats are morphing at scale, and millions of new email phishing attacks are being crafted and sent every day.
Cyber professionals and chief security officers know this and are therefore taking different approaches to Email Security. Most of them, however, do not rely on their employees to take action and have put automated reporting systems or static warnings in place. The most common way to tackle Email Security is to have a Security Email Gateway in place, along with awareness programs for those emails that security officers know will pass their automated defence. Some companies have integrated a report button in their O365 ribbon: when employees suspect an email, they report it to security with a single click. Others may have static warnings, like the [EXTERNAL EMAIL] banner. The assumption is that it will raise employees' awareness of the risks of emails coming from outside their organization's network. However, if you are a company representative dealing with external communication all day, a banner that appears in every correspondence will eventually lower your awareness and increase risk.
Time is of the essence
We know that our Security Email Gateways are penetrable. Once a phishing email has passed through the SEG, it becomes a ticking time bomb in your employee's inbox. Once security has detected it, they need some time to analyze it and eliminate the threat. They will probably take different factors into account, such as sender authenticity, server location, return path and other vectors, to mitigate that security incident. Once an email is declared a phishing email, system administrators will check their records to learn how many mailboxes were infected before finally removing the threat. Removing every phishing incident manually is time consuming and, in some cases, impossible. After an employee receives a phishing email, there is the possibility that they will fail to spot it as such. This means that it is only a matter of minutes from the moment that email lands in an inbox within your organization until it is clicked and jeopardizes the organization. But what if your employees could respond to incidents in real time, even the most sophisticated ones?
To read the full article please download the white paper
THE JOURNEY TO SME CYBER SECURITY
Former FBI director Robert Mueller has a nice quote in that scope: “There are only two types of companies: those that have been hacked, and those that will be.”
Cyber attacks are a big issue nowadays; we hear about them across all platforms, whether it’s articles in the (news)papers, on television, or on social media. Just yesterday a good friend posted on a social network that his phone and accounts were hacked, wondering what he could do about it.
But it was a trip to the garage that led to starting a cyber security platform. In the summer of 2019, I needed to service my motorcycle. However, when I arrived at the garage, I was told that they were experiencing a ransomware attack on their machines. The garage had no means of cyber defence, and admitted that they had lost a week’s worth of data and that they had to buy new machines for their business. Later that week I encountered a notary office that evidently had experienced the same thing a week before. That’s when I knew it was time to act!
The findings astonished me
The deeper I dove, the clearer it became how fragile the SME market is. In the Netherlands alone, there are more than 440,000 small and medium businesses. According to Forbes, 58% of SMEs were hit by cybercriminals. Another interesting fact is that around 85% of small business owners underestimate the threat cyber criminals pose to their business, and are actually confident that their business will not be subjected to an attack. At the same time, reports show an alarming number of businesses that have not recovered from a cyber attack and had to close.
Once I knew these numbers, I had to ask myself two questions:
The first question was why SMEs did not seem to protect themselves properly, and the second was what the major threats to those businesses are.
The answer to the first question actually has several layers. Most business owners do not believe that their business is lucrative enough for hackers, not realizing, or being unaware of, the number of automated attacks that are already out there, which will not be stopped by a traditional antivirus. At the same time, some SMEs carry large amounts of consumer data that they are obligated to protect under GDPR, and the penalties the Netherlands and the EU have put in place can be devastating to small and medium-sized enterprises. On top of that, there are the costs: most cyber security products are made for large organizations and considered too costly for the SME market, which seems unfair. Lastly, SMEs lacking protection can sometimes be the result of a misconception that IT and Cyber are essentially the same. These companies rely heavily on their external IT provider, which most of the time does not have the expertise in place to enhance cyber security, nor is it their main business.
In regard to the second question, the major cyber threats that SMEs face today: the number one threat remains phishing emails, followed by ransomware, malware attacks, password administration and internal threats such as download policies, former employees, and others. This isn’t overcome just by implementing a full-on security stack; it also benefits from extensive awareness programs that allow all employees, at all levels, to be trained on physical and cyber security.
After I gathered all the information on the SME cyber security market and analysed it, I decided it was time to actually take action and meet the SMEs' demands. In founding MKB Cyber, we took on a mission to find the right protocols and solutions for the market. We have opened a security platform that meets the immediate requirements that SMEs have to have in place, which is unique and affordable to companies of all sizes, and, moreover, we help businesses to create internal policies and recovery plans.
I am excited to launch our SME cyber platform that will help our clients to feel safe and secure, and to run their business successfully and with a clear mind. So we make sure you do not become part of the statistics.