Most critical email threats 2017

The National Cyber Security Centre of Finland has defined two central email threats:

Ransomware

”Ramsomware” software encrypts the victim’s workstation and demands payment for reopening the data.

CEO frauds

The heading “spear phishing and whaling” comprises a variety of very different types of scams that aim to mislead the message recipient.

This can be an invoice or other payment scam, identity theft etc.

Ransomware

Ransomware encrypts the workstation or, through the intranet, possibly even multiple workstations. The organisation and its users cannot access their data, and without backup copies it is possible that the files are completely lost.

CEO frauds

In CEO frauds, a company can lose money due to skilful fraudulent invoices, or the company can become indirectly involved in a crime.

This can also cause significant losses for the company, both in terms of reputation and customer relationships.

Prevention and protection

Ransomware

Preventive network-level protection that prevents end users from accidentally clicking on malicious links. As additional security, backup copies can be used to restore data encrypted by the malware.

CEO frauds

Preventive network-level protection. Both threat types utilise the end users’ lack of competence, greed, envy etc. Therefore the most efficient form of protection is to eliminate the possibility for end users to face these threats.

Personnel training and competence play key roles in both cases.