We’re launching our CyberLabs series on the latest news from the cybersecurity world. Based on practical examples, our pentester will give tips on how to prepare for potential threats and how to minimize the effects of cyber attacks. We introduce Michał, who talks about, among other things, his interest in cybersecurity topics and the latest techniques used by cybercriminals.
Technology has quickly taken over the world around us. Everything we do, both on a business and personal level, seems to involve technology in one way or another. We live in a digital age in which data plays a significant role, and our personal information is at risk more than ever before.
Just think how heavily the world relies on the Internet and email communications. Government, the university community, healthcare and private industry not only collect, process and store unprecedented amounts of data in cyberspace; they also rely on critical infrastructure systems to perform operations and provide services. Any attack on this infrastructure can jeopardize more than just customers’ data or a company’s financial performance: it also affects community safety or economic security.
Each year, CERT Polska records an increasing number of notifications and cybersecurity incidents. In 2021 alone, 116,071 notifications were recorded, based on which a total of 29,483 unique incidents were registered, an increase of 182% compared to the previous year.
The most popular incident type in 2021 was phishing – which made up as much as 76.57% of all incidents handled. The number of incidents classified as phishing compared to the previous year increased by 196 percent and reached 22,575 incidents.
Just look at the headlines over the past few months: massive data breaches, companies selling personal information, browsers snooping on your sessions – all examples of new security threats that will require talented and well-trained employees to contain and eliminate.
Security engineer and pentester – Michał Błaszczak – is responsible for the safety issues of email communication and our clients’ data. Michał is a true geek and a person whose goal is to constantly improve his knowledge and competence when it comes to cybersecurity. He has made a huge contribution to the implementation of ISO 27001 and ISO 27018 standards in our company. You will get to know Michał better later in this article and during the monthly “meetings” as part of the CyberLabs series on our blog.
Given the importance of cybersecurity, we’ve decided to create a CyberLabs series in which we will regularly discuss what exactly cybersecurity is, how to protect your email systems and data from attacks, and what resources you should follow to stay on top of emerging trends and technologies related to cybersecurity and email communications.
By following CyberLabs, you’ll learn how to implement individual steps to improve your company’s security. In the meantime, check out our interview with Michał.
My name is Michał Błaszczak and at Vercom company I’m a Pentester, so it can be said that I’m looking for a hole in the whole so that our data is safe. Why did I choose cyber(in)security? In fact, as long as I can remember, this subject has always fascinated me. As a kid, I remember watching movies in which someone hacked into systems in moments … Who wouldn’t. This fascination turned into my hobby, passion, lifestyle, and also my profession. I believe that cybersecurity is one of the most important elements of technological development. On the one hand, by finding errors, we improve the security of given systems and software, and on the other hand, it is through such activities that technology must develop to fix these errors.
Every day we exchange a huge number of messages via the Internet, be it via messenger or e-mail, we receive one-time passwords, we shop online, log into banks and others. Is cybersecurity important? Definitely yes! Were it not for this security element, no one on the website would have provided their data, including sensitive data. However, if this data were provided, I can say with certainty that it wouldn’t be safe for a long time. People trust various entities because they believe that the data they provide there will be safe, so it is worth making these people aware that they are right. However, cybersecurity is not only focused on web applications. One of the main attack vectors is man. It is him that cybercriminals try to trick into following a given link in order to phish access data (phishing) or download malware. Therefore, in addition to system security, the focus should be on employees’ cyber knowledge.
According to the CERT’s annual report for 2021, the main threat was phishing (over 22,000 incidents were reported in Poland), i.e. a method of fraud that involves impersonating a trusted institution or person in order to persuade the victim to perform some action in favor of the attacker, e.g. providing login data. I think that this number may increase significantly in the coming years. Recently, criminals have significantly improved their phishing techniques, and also enriched their attacks with, for example, Smishing, or phishing via SMS. Right next to phishing attacks, I could point out a ransomware attack that we can hear about more and more. In this attack, cybercriminals enter the corporate network, e.g. through phishing, and then encrypt the data and demand a ransom in return for decrypting the data. Of course, after paying the ransom, we are never sure if it will happen … Therefore, it is always worth having an emergency plan for such situations.
Human error is at the heart of most attacks. What I mean here is the employees’ lack of awareness of the risks and what can happen, for example, after opening a malicious file. It is worth remembering that most of these people are non-technical, so it is worth preparing such training properly so as not to bore the listeners with technical vocabulary. Thanks to this, many people will certainly come out with much more knowledge about cyber threats. When it comes to the security of systems itself, it is worth focusing on regular system and software updates. In addition, for example, penetration tests should be carried out regularly, thanks to which the largest possible number of vulnerabilities in a given system is found, which may have a negative impact on the confidentiality, integrity and availability of the data being processed. And of course, I invite you to read the articles published as part of CyberLabs. There you will be able to learn about various cyber threats on an ongoing basis. In addition, a handful of good advice will be added to each article, which will help to significantly eliminate a given threat.
As I mentioned, the monthly CyberLabs articles will provide information on various techniques and attacks used by cybercriminals. Advice will be added to each such article, and if we follow it, we will be able to significantly reduce the attacker’s capabilities. Articles will be written in such a way that technical and less technical people will find something for themselves. In addition, as part of the Newsletter, we will inform you about new critical vulnerabilities that may affect data security; it is also worth subscribing to it.
Thank you very much for the interview.