As organizations learn to navigate life in the cloud, they need a higher level of preparedness. The volume of cyberattacks organizations face has increased this year and includes ransomware, phishing and impersonation fraud. The world was rocked by two massive malware outbreaks, Petya and WannaCry, last year.
Email is the most prevalent and common entry point for attackers looking to gain a foothold in an enterprise system and obtain sensitive data. Email security covers the methods used to keep sensitive information in email communication, and the accounts themselves, safe from unauthorized access or compromise. Email is the channel most used to propagate malware, spam and phishing attacks. Attackers use deceptive messages to entice recipients to share sensitive information, open an attachment or click a hyperlink that installs malware on the victim's computer.
Enterprises can no longer stand in front of the Board and claim that a prevention-based security plan is adequate. What worked for email security months ago is no longer sufficient, and the days of relying on basic anti-spam and anti-virus protection are gone. It is critical to implement a cyber resilience strategy to safeguard against email-based attacks and mitigate risk. Such a holistic plan involves email security, business continuity, data protection and end-user education.
Cybercriminals use the email vector in different ways to execute attacks. The requirement is therefore for an email security scanning layer that not only blocks spam and viruses but also protects users from phishing, ransomware and impersonation fraud. Capabilities such as URL filtering, attachment sandboxing, instant preview and safe file conversion of incoming attachments are a must. It is also essential to deploy an automated email encryption solution as a best practice. This solution should analyze email traffic to determine whether the content is sensitive and, if it is, encrypt the message to the intended recipient.
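The scanning-layer decisions this paragraph describes (refuse or sandbox risky attachments, filter URLs, and encrypt when content inspection finds sensitive data), as an added example in Python that is not part of the original article; the extension lists, the blocklisted host and the sample messages are constructed assumptions, not a real product's policy.

```python
"""Toy mail-gateway policy gate for the layered scanning the article calls for.
Added example, not the author's code: every list and sample message below is constructed."""
import re
from email import message_from_string
from urllib.parse import urlparse

BLOCKED_EXTENSIONS = (".exe", ".js", ".vbs", ".scr")    # refused outright (constructed list)
SANDBOX_EXTENSIONS = (".docm", ".xlsm", ".zip", ".pdf")  # detonate before delivery
BLOCKED_HOSTS = {"login-update.example"}                  # constructed URL blocklist
URL_RE = re.compile(r"https?://[^\s<>\"']+")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum so an arbitrary digit run is not mistaken for a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def is_sensitive(body: str) -> bool:
    """Content inspection that decides whether the message must be encrypted."""
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(body))

def classify(raw: str) -> str:
    """Return block / sandbox / encrypt / deliver for one RFC 5322 message."""
    msg = message_from_string(raw)
    attachments, body = [], []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name:
            attachments.append(name)
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(body)
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    if any(a.endswith(BLOCKED_EXTENSIONS) for a in attachments) or hosts & BLOCKED_HOSTS:
        return "block"
    if any(a.endswith(SANDBOX_EXTENSIONS) for a in attachments):
        return "sandbox"
    return "encrypt" if is_sensitive(text) else "deliver"

# Constructed sample messages: a card number in the body, and a macro-enabled attachment.
CARD_MAIL = "From: a@example.com\nTo: b@example.com\nSubject: invoice\n\nCard 4111 1111 1111 1111 expires 12/29.\n"
MACRO_MAIL = ('From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
              '--b\nContent-Type: text/plain\n\nSee attached.\n--b\nContent-Disposition: attachment; filename="q3.docm"\n\nZmFrZQ==\n--b--\n')
```

The order of the checks matters: a message is refused before it is sandboxed, and sandboxed before any encryption decision is made, so the encryption step only ever sees mail that has already passed the filtering layers.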
Centralized monitoring, analysis and intelligence on emerging tools, tactics and techniques (TTPs) is key. The email security system should also be integrated with the organization's SIEM platform.
Data protection is key. Always keep a separate copy of data, because email-based attacks can traverse a network very fast. The bottom line is to create a central repository of corporate data that is fully encrypted, immutable and redundant. It is also essential to plan for business continuity by implementing an alternate, always-on email solution with access through the web and mobile apps.
Another factor is end-user training and empowerment. Employees need to understand the risk, how to use the email system, what to look for and how to respond to attacks. Regular end-user training is a must to maximize the enterprise's ability to respond to cyber threats. Don't overcomplicate things: educate end users, track their responses, and continually measure and test effectiveness.
Many enterprises currently don't have the capabilities and instrumentation to fight back and put up layered defenses. Enterprises need to invest in this on an ongoing basis. Crisis planning needs to be evolutionary in nature, not a static one-off investment or activity. Crisis management must be a holistic plan that supports recovery time objectives (RTO) and includes a confident, controlled response. CSOs need to present the risk landscape and the scope of the problem to management to secure their buy-in, including funding. Technology failure, human mistakes and cyberattacks are here to stay as part of business operations, but we can control how quickly and effectively we respond to and recover from attacks and disruption.
The author (Kinshuk De) manages delivery of managed security services projects in North America. https://www.linkedin.com/in/kinshukde/