March 2023

What you need to know about business-to-business email

When the COVID-19 pandemic accelerated the transition to remote and flexible work, businesses had to change how they operated. Internal communications apps, emails, and online portals took over the B2B business world. In the era of digital commerce, many industries had to migrate to a cloud-based working model.

However, this digital transformation created new threats and security risks. According to IBM’s report, in 2021, data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in history.

In this article, we will cover some of the most common methods used by attackers, the consequences of a data breach, and how to prevent one.

B2B Email Practices


For B2B retailers with an eCommerce channel, email remains one of the most popular payment methods, with 77% of them using it. Moreover, many B2B companies use email as their primary marketing strategy to deliver a personalized and interactive approach to client communication.

Email also remains the most effective lead generation tactic with the highest ROI for B2B companies. However, email is also the most vulnerable point for companies regarding data security.

The problem with email is that so many of us use it daily for personal and professional reasons. Cybercriminals exploit this to steal data and probe for weaknesses by sending copious amounts of spam in various forms.

In fact, 45% of all emails sent are spam.

This figure amounts to a staggering 14.5 billion spam emails sent daily. Although most of these threats are automatically filtered, hackers are now using more advanced methods that can do a lot of damage.

The Wide-Reaching Effects of a Data Breach


According to the FBI’s Internet Crime Complaint Center (IC3), one of the most financially damaging online crimes is the business email compromise (BEC) scam. In fact, between 2014 and 2019, BEC scams cost US businesses more than $2.1 billion by targeting organizations that use popular cloud-based email services.

IBM’s report states that although BEC was responsible for only 4% of the breaches, it had the highest average total cost of $5.01 million. The second costliest attack was phishing ($4.65 million), followed by malicious insiders ($4.61 million).

Fraudsters are targeting businesses in the US, as reports show that the US is the top country for the average total cost of a data breach for the eleventh year in a row.

The effects of a data breach are far-reaching, from the brand image to the lost revenue. Cybercrime costs include business disruption and lost productivity, forensic and investigative activities, stolen money, lost customers and reputational losses, damage and destruction of data, and the restoration of hacked data.

Even more concerning is that while most businesses acknowledge the damage a data breach can do to their brand image, only 48% have the right tools to handle that event appropriately.

Types of Email Threats


The number and severity of cyberattacks have dramatically increased over the years. The email threats to look out for range from spoofing, spear phishing, and malware to more complex ones such as brand and domain impersonation and lateral phishing.

Malware sent by spam emails

Malware is one of the most severe and common threats delivered through email. Cybercriminals use this technique to target employees within organizations by sending spam mail with documents, files, and URLs that lead users into downloading rogue files containing malware.

During this silent takeover, malicious software can infiltrate company networks and access sensitive billing, payment requests, and personal data. The intrusion does not happen right away, so most of the time, the users are completely unaware they have installed malware such as viruses, Trojans, spyware, and worms.

Often, the intrusions are detected after sensitive data is leaked and most of the IT system is compromised.

Spear-phishing emails

Spear-phishing emails are similar to spam, except they are highly personalized and customized phishing attacks. These emails attempt to deceive victims into believing they are from a trusted sender or organization and get them to reveal confidential information.

For example, the attackers can gain access to company accounts, wire money, and acquire data that would allow them to log into a legitimate account. According to a survey by Barracuda, 43% of organizations reported being affected by a spear-phishing attack in the past 12 months.

Impersonation and BEC

Social engineering is a technique in which cybercriminals study victims and their social media profiles to craft personalized attacks.

These scams are a highly sophisticated type of spear-phishing, where attackers invest a lot of time grooming the victim. The attackers pretend to be a person, service, or organization and send emails that contain insider information to make it realistic and hard to detect.

Impersonation is a broad category of scams that can take on many forms of phishing, such as brand or domain impersonation or BEC. A business email compromise is also known as CEO fraud, as attackers pose as high-ranking figures within the company and use pressure and urgency to trick victims into transferring money.
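The traits described above (a senior figure's name on a message from an outside or lookalike domain, replies redirected elsewhere, and urgent payment language) can be checked mechanically. The following is an added example, not code from the article or from any vendor product; the corporate domain, executive name, keyword lists, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (none of these values come from the article).
CORP_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes"}  # hypothetical executive display names
URGENCY = ("urgent", "immediately", "today", "confidential", "asap")
PAYMENT = ("wire", "transfer", "invoice", "payment", "bank details")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the BEC indicators found in one raw single-part message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = []
    # Executive display name on a sender outside the corporate domain.
    if domain_of(addr) != CORP_DOMAIN and name.strip().lower() in EXECUTIVES:
        hits.append("exec-name-from-external-domain")
    # Replies would go to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        hits.append("reply-to-domain-mismatch")
    # Pressure and urgency combined with a request to move money.
    if any(w in text for w in URGENCY) and any(w in text for w in PAYMENT):
        hits.append("urgent-payment-request")
    return hits

# Constructed sample messages.
SPOOFED = """\
From: Dana Reyes <dana.reyes@examp1e-mail.test>
Reply-To: dana.reyes@freemail.test
To: ap@example.com
Subject: Urgent wire transfer

Please process this payment today and keep it confidential.
"""
LEGIT = """\
From: Dana Reyes <dana.reyes@example.com>
To: ap@example.com
Subject: Q3 planning notes

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

Keyword and header heuristics like these are a first-pass filter; a message that trips several indicators at once is a candidate for quarantine or out-of-band verification of the payment request.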

Data Exfiltration, Extortion, and Ransomware

Data exfiltration is a type of security breach in which attackers get hold of a victim’s or organization’s data, which is copied, retrieved, or transferred from a computer or a server. They can then threaten to release this data and extort money from the victims. In other cases, the hackers demand a ransom if the victims want to get it back.

How to Protect Your Business


Securing the client and the server is crucial to keep a business safe from malicious attacks. Regarding security on the client’s side, it is essential to raise the users’ awareness and knowledge of potential threats. Employees need to know how to recognize spam and phishing attacks.

However, as these attacks become increasingly sophisticated, relying on the client side alone is not advisable. All it takes is one employee using a business network to download the wrong attachment, and the result could be disastrous.

That’s why it is just as important to secure the server side so that spam emails get filtered and your servers are not subjected to DDoS attacks. Hackers have evolved to bypass traditional defenses, hence the need for higher protection.

Email gateway solutions paired with API-based inbox defense can detect malicious emails and prevent attacks. Using AI, this solution can learn communication patterns and spot anomalous emails.

As email remains one of the most effective forms of marketing, businesses that see data protection as a priority need this double layer of protection.
 

By Ivana Radevska

This article originally appeared on Journey Notes, the Barracuda blog.
