By: Eyal Benishti, CEO and Founder,IRONSCALES
More than 90% of companies today use some sort of cloud service.
The worldwide public cloud computing market continues to grow and is expected to reach an estimated $397 billion in 2022. That’s due to its multiple benefits, including, cost savings, flexibility, and sustainability. But as the use and comfort of cloud computing increases, so does the risk of cyberattacks.
Just one email can lead to aggressive attacks like the recent Colonial Pipeline or JBS takeovers. Phishing scams – the number one type of cyberattacks in 2020 – have become more numerous, sophisticated, and severe. As COVID-19 closed many offices, employers were forced to invest more in cloud computing to support remote staff and criminals took notice. During the pandemic, the average cost of a data breach soared to $21,659 per incident (with 5% of successful attacks cost businesses $1 million or more).
To prevent losing access to your email and information, it is necessary to have proactive security measures. The cloud environment demands stricter attention to identity and access management, perimeter security, insider threats, and employee carelessness. Here are some steps you can take to mitigate your risk of falling victim to attack in the cloud environment.
- Security: 25% of phishing attacks get past existing defenses. You should not assume that your current security features are covering all your bases. Protect your company by installing an email solution that specifically targets phishing attacks. One global company with more than 65,000 employees saw a dramatic reduction in the number of phishing emails received, reported 107,750 total quarantined emails, and saved over 460 analytical hours in just a few months after extending its security beyond native Microsoft 365 security tools.
- Training: Nearly 85% of successful data breaches involved defrauding humans, rather than exploiting flaws in computer code. Your employees should be the first line of defense against phishing emails, not the Achilles heel. Regular training should be held to educate employees to recognize and handle suspicious emails. Work with your IT solutions vendor on a regular training program that accounts for constantly evolving phishing techniques.
- MFA: Multi-Factor Identification is one of the most cost-effective ways to reduce unauthorized access. This system adds an extra step when logging into your email, asking you to confirm your identity by entering a code sent to your cell or via an app. This is standard practice, and not doing so is often considered negligent by most security experts. Double-check to make sure you have MFA in place, making it more difficult for hackers to access your information.
- User access: Not everyone in your organization needs access to all of your information, files, and apps. Only give access to those who need it. This way you minimize the potential loss if an employee’s cloud account is compromised.
- Off-boarding: Create a comprehensive off-boarding process to ensure that the credentials of former employees are no longer active. The fewer active accounts, the fewer access points for cyberattacks.
Though flexible and enabling, the cloud introduces new security threats. Cybersecurity is a complex issue, especially for those who are not already well-versed in cloud technology and the potential risks. Consider working directly with a specialized email security vendor to mitigate your risks and keep your employees educated.
Taking proactive measures to protect against phishing attacks enables you to safely embrace today’s (and tomorrow’s) computing environment.
About the Author
Eyal Benishti is the founder and CEO of IRONSCALES. Prior to launching the company, he served as a member of the Israeli Defense Forces’ elite Intelligence Technology unit. IRONSCALES offers security professionals an AI-driven, self-learning email security platform that provides a comprehensive solution to proactively fight phishing attacks. Using the world’s most decentralized threat protection network, the IRONSCALES platform accelerates the prevention, detection and remediation of phishing attacks already inside your email with threat removal times in seconds. The company give organizations of all sizes complete anti-phishing protection against any type of phishing attack. For more information visit the IRONSCALES website and visit the LinkedIn page.