Email-based cyberattacks remain a constant threat to businesses of all sizes. So what solutions can help organizations better protect themselves against the risks posed by email cyberattacks?
1. The State of Email-Based Cyberattacks in Vietnam
Cyberattacks—particularly those conducted via email—are among the most commonly used methods by cybercriminals in Vietnam, targeting both individual users and businesses. According to the latest statistics released by international cybersecurity company Kaspersky on July 19, the total number of malicious emails blocked by their Anti-Phishing system in 2022 reached 17,847,857, including 1,569,005 attacks targeting businesses and 16,278,852 attacks targeting consumers in Vietnam. Statistics show that Vietnam is the most targeted country in Southeast Asia for email-based attacks.
These figures clearly indicate that users must be cautious with incoming emails. Users should avoid clicking on any links unless the email’s legitimacy has been verified.
Based on phishing attack statistics in 2022, email-based attacks account for a very high proportion and are the most common attack method.
2. The Most Common Email Scam Techniques Today
2.1. COVID-Related Scams
This is a relatively recent email scam technique. Attackers disguise emails as COVID-19 updates and send them using spoofed company email addresses to deceive employees. If users are not cautious, they may easily disclose login credentials by clicking on malicious links. As a result, cybercriminals gain access to the victim’s account and the company’s data network. Many individuals and businesses have fallen victim to this tactic, leading to malware infections.
2.2. Bank Account Verification Scams
Attackers typically deceive victims with messages such as:
- Your account has been temporarily locked. Click the link below to restore access.
- You have outstanding bank debt and must make immediate payment or your assets will be seized.
- Notification of prize winnings. Please provide full information to claim your reward.
Victims are then prompted to provide account details, bank account numbers, passwords, and other sensitive information. Attackers subsequently take control of the accounts or steal the victims’ assets.
2.3. Prize Notification Emails
This is another common email scam technique. Attackers offer highly attractive prize notifications to lure victims. Without proper caution, victims may have their information stolen, leading to more serious consequences.
3. Damages Caused by Cyberattacks: What Do Businesses Suffer?
3.1. Data Loss
Data is the primary target of cybercriminals when attacking businesses. Corporate data includes not only customer information but also business secrets and intellectual property. Once hackers gain access to the system, they can steal the entire data repository.
3.2. Financial Loss
It is difficult to accurately measure the financial damage a business suffers after a cyberattack. In addition to the immediate costs of addressing vulnerabilities, businesses also lose potential future profits. Companies typically require one to three days to restore systems to normal operation, but in some cases, recovery may take weeks or even months.
4. Cyber Attack Simulation Solution (CYAS)
4.1. What Is CYAS?
CYAS stands for Cyber Attack Simulator, a software solution designed to assess users’ security awareness by sending simulated attack emails.
When using the software, simulated attack emails are created and sent to users’ inboxes. If users interact with or click on these simulated phishing emails, the system collects data to identify users with low awareness and poor vigilance toward email-based cyber threats. This enables organizations to implement targeted training and strengthen user security awareness.
4.2. CYAS Features
CYAS allows organizations to create simulated phishing emails using various templates or to design entirely new simulated attack emails tailored to the organization’s specific context. Email delivery timing can also be fully customized.
After simulated attack emails are sent, the system collects data and generates reports listing users who clicked on links or opened attachments, along with the corresponding timestamps.
4.3. Benefits of CYAS
CYAS serves as a critical assessment tool for organizations to identify users who lack sufficient awareness of email-based attacks and demonstrate low security vigilance. Based on these insights, management can evaluate employee awareness levels and develop appropriate training plans to help employees use email safely and securely.
5. Online Training Solution (E-Learning)
5.1. E-Learning Levels
E-learning is available in three levels, suitable for employees from basic to advanced:
- Level 1: Workplace safety principles
- Level 2: Cybersecurity in the workplace
- Level 3: Advanced training
5.2. E-Learning Implementation
- Customers select the number of participants and the training level.
- NSV sends the training content and assessments to the email addresses of the participants.
- Participants complete the training and assessments within the specified timeframe. Results are announced immediately upon completion.
- NSV consolidates the results and provides a report to the customer.
5.3. Training Content
- The question system is updated twice per year.
- Training content is updated twice per year.
The CYAS and E-learning solutions for enterprises, provided by NSV, are designed to address all challenges related to protecting internal network security. We hope that these strategies and measures will help organizations safeguard their data and information effectively.
