Only this past week has news come out that the CEO of a large aircraft parts manufacturer supplying Airbus has been sacked by the board after the company lost €50 million to a spear phishing / CEO fraud email. The news article is available here.
Furthermore, the FBI reported that over a two-year period some 18,000 people lost close to $2.3 billion to such compromises. Check out the FBI report here.
Typically, such a scam involves key staff at the target organisation receiving emails themed around their function: invoice payment themes for the finance department, or account lockout notices for operations and customer service. The point is that there is some level of familiarity, either with the brand the email is associated with or with the person purporting to send it. In both cases it is a fraudulent email using a widely known technique, email domain spoofing. Check out the previous blog - The-fundamental-flaw-in-email.
There are simple steps that can be taken to avoid such severe outcomes.
1. DMARC compliance – The DMARC RFC specification has only been around for a couple of years, but it is the most effective technique to mitigate and STOP email domain spoofing against:
The effort required for DMARC implementation is less than 30 minutes if you know what you’re doing. Dmarcian has a heap of information and FAQs to help you get started. Otherwise I’m sure they would gladly assist.
The implementation and monthly monitoring and reporting costs for DMARC are disproportionately low compared to the benefits that it can provide.
2. Security Awareness Training – knowing that employees are the weakest link in the chain makes it obvious to add some level of control to the people factor. Building a human firewall to stop employees in key positions (finance, exec level) from making silly errors is a very effective mechanism for raising awareness of current cyber threats.
3. Vendor Protection Process – as your organisation implements email domain protection, it's not unreasonable to expect your key vendors/suppliers to do the same. In fact, I would recommend that ALL your vendors be DMARC compliant. The reason is simple – familiarity.
Going back to the people issue discussed above, familiarity can encourage a level of complacency that can result in ransomware getting into your organisation, because the purported sender of the email is seen as a known entity.
In an era where technology can be seen as the panacea for all our issues, it is important to remember that people and process are just as important as the other legs of the three-legged stool (that's a story for another day). Let's not forget the simple steps that can enhance our general security.
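As an added example (not code from the original post), the DMARC record check that steps 1 and 3 call for: a parser for the _dmarc TXT record and a classifier that flags the settings under which spoofed mail is still delivered (p=none, a pct= sample, sp=none), so your own domain and your vendors' can be reviewed in one pass. The domains and records below are constructed placeholders and no DNS lookups are performed.

```python
def parse_dmarc(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; rua=mailto:...' into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tags[key.strip().lower()] = value.strip()   # tag names are case-insensitive
    return tags

def assess_dmarc(txt):
    """Return (status, reasons); status is none/monitoring/partial/enforcing."""
    if not txt:
        return "none", ["no _dmarc TXT record: receivers have no policy to apply"]
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return "none", ["record must begin with v=DMARC1 or receivers ignore it"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "none", ["missing or invalid p= tag"]
    reasons = []
    if policy == "none":
        reasons.append("p=none only monitors; spoofed mail is still delivered")
        status = "monitoring"
    else:
        if int(tags.get("pct", "100")) < 100:          # pct= defaults to 100
            reasons.append(f"pct={tags['pct']} applies the policy to a sample only")
        if tags.get("sp", policy).lower() == "none":   # sp= defaults to p=
            reasons.append("sp=none leaves subdomains open to spoofing")
        status = "partial" if reasons else "enforcing"
    if "rua" not in tags:
        reasons.append("no rua= address, so aggregate reports never arrive")
    return status, reasons

def review_domains(records: dict) -> dict:
    """Map each domain (your own and your vendors') to its DMARC status."""
    return {domain: assess_dmarc(rec)[0] for domain, rec in records.items()}

# Constructed sample records (placeholder domains, no DNS lookups performed)
SAMPLE_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "parts-vendor.example": "v=DMARC1; p=none; rua=mailto:dmarc@parts-vendor.example",
    "freight.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "legacy-supplier.example": None,
}
```

Only "enforcing" means a receiver is told to quarantine or reject every message that fails DMARC; "monitoring" is the p=none starting point that still needs the move to p=reject once the reports show legitimate mail is aligned.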