Biggest Security Lesson of 2017 – You Need a Strong Human Firewall
- Jan 9, 2018, 10:08 AM
- Ben Gane
What is the best strategy for businesses to protect against ransomware, spam, phishing and spoofing attacks? There are many strategies for safeguarding against these threats. By far the most effective is user awareness and education. For malware or ransomware to infect successfully, it needs some kind of user interaction.
Your users are human firewalls, the last defence of your organization. Cyber attacks are still able to breach companies from time to time despite elaborate multilayer security architectures. This is especially true when it comes to email. Email security is essential for all organizations today, as it’s the most popular method for hackers to deploy malicious code. According to IBM’s X-Force researchers, more than half of all email is spam. We see our spam filtering service SpamTitan blocking over 70% of email as spam.
Considering that there is somewhere in the neighbourhood of 300 billion emails sent every day, one can begin to understand the overwhelming task undertaken by email security companies. Considering the vast amount of spam out there, an email security solution that cannot reliably claim a spam catch rate of at least 99% should not be an option today. Because email continues to be the primary communicative medium for business you also need a solution with a false positive rate at or near zero.
The majority of spam is harmless beyond being a drain on productivity: the time spent sorting through the unsolicited email that gets through, or clicking on advertising links. Only a small percentage of spam actually contains malicious code. According to Symantec, one in nine email users encountered email malware in the first half of 2017. Users are twice as likely to encounter malware through email as through any other delivery method.
Part of this is due to the innovation of malware creators. According to Kaspersky Lab, its labs processed an astounding 360,000 new malicious files on a daily basis in 2017. That was up 11.5% over the previous year. This is why it is so important to choose an email security solution with integrated anti-virus protection. It is no longer just about blocking spam. Your solution must also block viruses, malware and links to malicious websites.
Another reason why users continue to be exposed to email malware is the growing sophistication of phishing attacks. According to an article in TechRepublic, 90% of phishing emails captured from March to November 2016 contained spear-phishing components designed to impersonate a person. These attacks strive to mimic an internal email from a middle manager, senior executive or other trusted source in order to trick a user into giving up financial information or confidential data. Impersonation or spoofing attacks experienced a 50% quarter-over-quarter increase in 2017. They are currently the fastest-growing form of email-based cyberattack.
Impersonation attacks are highly effective for three reasons:
- These attacks are often highly targeted. Hackers can spend weeks or months studying the email protocols, email culture and writing styles of an organization before launching an attack.
- Impersonation attacks are the most difficult type of attack for an email filter to combat.
- Users are most vulnerable to these attacks, as research has shown that even the most security-savvy users can fall for impersonation scams.
What Makes an Effective Human Firewall?
If one out of nine of your users will be exposed to malware-laced email despite the presence of an email filter, then it is imperative to create an email watch program within your organization. While security vigilance will never replace a filtering system, given the colossal number of email attacks, a security-minded workforce can serve as the last line of defence for your enterprise. One of the first steps to take is to create new policies that limit scam avenues.
- Create a policy that forbids the sharing of sensitive documents in email. This eliminates the possibility of someone replying to an email request for financial documents or proprietary information.
- Create a policy that requires multifactor authentication for financial transactions. Any email request would have to be followed up by a call to an undisclosed number to confirm a password or catchphrase.
- Disable all links inside email bodies to force users to manually navigate to any internal site.
Every organization needs to provide a minimum level of training for their users to help them identify phishing attacks. Some of the signs they need to be able to identify are as follows:
- Look for email formats and layouts that differ from the norm.
- Require all of your users to use an email signature, and have them verify that signatures look correct.
- Look for writing styles or grammar that are outside of the norm.
- Verify that the display name on every email looks as expected.
- Require users to create a new email rather than simply replying to an email that requests sensitive information or financial transactions.
- When replying to an email, have users verify that the reply address is as expected and has not been altered.
Security awareness training and phishing email simulations can reduce susceptibility to email-based cyber attacks by up to 95%, according to several anti-phishing training firms, while a spam filter such as SpamTitan can ensure that employees are not put to the test in the first place. SpamTitan blocks more than 99.9% of spam emails, ensuring that ransomware and other malware-laced emails are quarantined so they can cause no harm. Train your users to be sceptical of any email with embedded links or with requests for information that could be of value to someone. A healthy level of scepticism can be the saving grace that spares your company a devastating attack.