Spam and Unsolicited Email More Menacing

While we might be witnessing an overall decrease in spam as percent of emails being sent, due to decreasing ROI, higher risks of law enforcement, and advances in filtering, the ones that do get through are ever more menacing. For criminals, email remains the most efficient way onto your computer and it should remain so for the foreseeable future.

Social Engineering Threats Grow

We talk at great length about these scams, specifically those falling under the targeted phishing umbrella. With the many data breaches we’ve seen in the last decade, there should be an even greater increase in attempted social engineering attacks as more users’ data circulates on the dark web. On top of that, criminals are seeing very high returns on successful attacks, with a mean of over $40,000 per successful BEC attack.

Ransomware Should be Declining

While it has made many headlines, we are likely watching a decline in ransomware attacks. Reasons could be primarily improved technology, the low amount paid (for example Wannacry victims paid approximately $300) and the difficulty in getting paid. As well, with the headlines comes an increase in prevention methods. Many companies have heeded our advice and have instituted frequent backups, making it simple to restore data that has been locked up.

Factors that could mitigate this include the ability to buy a ransomware attack kit on the dark web, meaning anyone can launch an attack, as well as the increasing ease of moving money in cryptocurrencies.

Regulation Decreases Major Breach Incidences

The introduction of regulations such as GDPR means that companies will need to go to much greater lengths to protect their customers’ data. This should lead to greater security budgets, and make breaches much more difficult to pull off. That said, the fact that such a great amount of data has already been breached, means the negative impacts have yet to play out.

Corporate Espionage

While unlikely to directly impact your average user, blackmail will become a serious weapon, as will the theft of trade secrets and IP. Manufacturing and industrials will invest a lot into their security, but whether they can do so in time is far from a certain fact.

Political Sabotage & Cyberwarfare

This is probably an area that will only grow in prominence in the conversation about email and cyber security. It has already been shown that states have executed campaigns on other states via email. It’s only starting. Where in the past mutually assured destruction, or more likely impossible odds, dissuaded countries from going into open warfare, a cyber attack presents an easy, cheap and likely casualty-free way of inflicting damage on an enemy. Any major war going forward will be cyber assisted, with cyber attacks on communications systems, transportation, energy and more.

The 4th Industrial Revolution

We are in a phase of unprecedented connectivity. Your fridge is connected to your lightbulb to your bank to your government’s servers. They all connect on the same internet. It presents many touchpoints or attack surfaces to infiltrate (to use the technical term). IoT devices have been left unsecure, hosting huge armies called “Botnets”. What happens when we have smart cars? Or chip implants in our heart monitors? Are people ready for this? And what if they’re compromised by a phishing email?

Moving to The Cloud

The migration from on-premise email services, data storage and other functions to the cloud is well underway. Companies continue to move to the cloud at a rapid clip. With this movement, comes a highly unexplored area – of what happens when criminals go after the cloud in earnest? On the plus side, cloud defenses can be rolled out much quicker than was possible on-premise.

The Tech Side

AI, and Machine learning are expected to play increasingly important roles in how malicious emails are spotted and weeded out. Increasing efficiency will possibly eliminate bulk email threats which along with real time identification, will shut down attack campaigns in micro-seconds. This may discourage many of the less sophisticated attacks that will no longer be profitable. In consequence cyber-assisted scams and social engineering would likely increase as payoffs are high, and require more advanced protection.

Security Awareness Is A Group Effort

To put the scope of risk born by email and other digital threats in perspective, Warren Buffett himself said that the cyber insurance game is a fool’s errand, with the odds of a cyber “Pearl Harbor” being at 2% per year – and he has a pretty good record of spotting trends.

Where does this all leave us? We want the general public to understand the very basics of email security, to have a foundational awareness of what to watch out for. Along with that, to respect the sysadmin or IT admin or consultant, enough to respect that there is a clear and present danger if protocols are not respected. The role of staying on top of the latest technology is the IT position’s job (and security developers). Maintaining a basic cyber and email security awareness is everyone’s job.