As an organization, when thinking about cybersecurity, you have a choice: You can protect all users or only some.
You could think that, in a bid to save money, that some lower-level employees might not be targeted, and it's worth spending resources on those employees with the most valuable information.
Think again. As we reported in our 1H Cyber Attack Report, non-executives are targeted 77% more often than executives.
There's a few reasons for this. One, admins might be spending a lot of their time and energy providing extra attention to the C-Suite, and hackers have adjusted. Second, non-execs still hold sensitive information and have access to financial data.
There are a few scenarios where unprotected users are a real risk to your organization. We'll run through them here:
The Malware Phishing Scenario:
An unprotected Avanan user won’t be protected against opening and deploying:
- Zero-day malware files
- Evasive malware
- Malware, Trojans, and Executables in trusted file shares
The Credential Harvesting Scenario:
An unprotected Avanan user won’t be protected against:
- Links pointing back to a low reputation domain
- Links pointing back to an unrelated domain
- The credential harvesting email itself
The Extortion Email Scenario
An unprotected Avanan user won’t be protected against:
- Emails that demand ransom, currency or gift cards
- Emails with Crypto-Wallet addresses
- Emails spoofing other Users or Domains
The Spearphishing Scenario:
An unprotected Avanan user won’t be protected against
- Accounts that are taken over, monitored, and strategically used as they interact with protected Avanan users
- There will be no links
- No Attachments
Conclusion:
If you're thinking about partial protection for your company, remember that unprotected inboxes, especially those that aren't opened regularly, can still get accessed from time to time.
Those inboxes may auto-forward email to other staff, or they might be catch-all inboxes for certain departments whose staff occasionally check-in.
All it takes is one click, one response, or one download to completely compromise your cloud network.
Saving a few dollars on partial protection could incidentally lead to thousands of dollars in damages, potentially create a negative image to your public, or create several days of clean-up by your IT staff.
That's why full protection is the way to go.