The latest security survey from Australian cyber emergency response team AusCERT says phishing emails are the most widely used infection vector and are employed by 71% of all threat actor groups.
AusCERT cyber security author and chief executive Craig McDonald says in his latest blog on the company’s website that Australian businesses are targets and are generally underprepared and that ransomware and malware come in a close second and third.
McDonald cites phishing, brandjacking and CEO fraud as cyber crimes perpetrated using email as their primary vector.
“The majority of people think of cyber crime and hacking” as a technical process involving coding and cracking but actually, the reality is much simpler; cyber crime happens via email.
“Without layered email security, serious phishing and malware threats are landing daily in every company’s inboxes.”
McDonald claims that organised crime is responsible for around 50% of cyber security incidents experienced by Australian companies.
“You might not think trickery like this could work, but the statistics on CEO fraud are alarming. According to the FBI, this kind of attack has increased by 2370% since 2015 and the global cost is now in the billions of dollars.
“People tend to think of cyber crime as being high-tech, but CEO fraud uses relatively simple tactics. Unlike ransom-attacks or spyware, CEO fraud doesn’t rely on clever software to be effective; it’s a kind of cyber crime known as ‘social engineering’ that uses psychological cues and deception to defraud victims.”