Cyberattacks on corporate email accounts are on the rise nationwide. What are the causes and how can companies strengthen their security in this area?
You can find out everything you need to know here.
Cyberattacks on email accounts
More and more cyberattacks on corporate e-mail accounts are being reported throughout Germany. The perpetrators use them to hack into confidential e-mail communications. From here on, the human vulnerability is exploited: Perpetrators initiate or manipulate financial transactions, for example by using mail spoofing to impersonate a superior. For the victims in the company, it then looks as if they have actually received a corresponding e-mail from their boss and therefore carry out the instruction without questioning it.
Other perpetrators penetrate deeper into the company's network structures via the e-mail accounts and the information found in them, such as login data. This can also be used to spread malware to the contacts of the e-mail account (usually customers of the company) or to carry out direct hacker attacks.
If such attacks are successful, they cause great damage. These are often described as the greatest threat to companies of all. If the attacks remain hidden and do not attract attention through offensive damage, such types of intrusion into corporate networks for the purpose of obtaining information are usually persistent and thus permanently possible.
Causes of successful cyberattacks
The data protection supervisory authorities in Bavaria (BayLDA) and Berlin (BInBDI) are currently conducting audits of companies. One of the purposes of these is to protect e-mail accounts against phishing, spoofing and cyberattacks. For this purpose, the authorities have Questionnaire has been developed. This covers the basic security requirements when dealing with email accounts (Art. 32 GDPR).
The BayLDA sees two main reasons for successful cyberattacks via e-mail accounts: "The actual causes of such cyberattacks are often to be found in improper operation (due to a lack of security awareness among employees, among other things) or in faulty configuration and protection of e-mail accounts.
What to do for more safety?
According to the BayLDA, the risks can be reduced or eliminated with a reasonable amount of effort. Appropriate training for greater security awareness among employees also plays a major role.
In addition, the BayLDA has issued a Handout which is intended to support the protection of e-mail accounts. This presents technical and organizational measures that play a major role in protecting e-mail accounts. In the questions raised there, the basic security requirements are not limited to the companies reviewed by the BayLDA. Procedures such as DKIM and DMARC should already be a technical standard for all companies, but unfortunately very few companies sign their e-mails. We help you to secure your mail infrastructure and mail processing internally and externally.
Do you need support in the area of information security and employee training? Contact us for an offer regarding individual employee training in the area of Information Security/Awareness in your company! Our team of experts will be happy to help you with all your data protection and data security concerns.