Mind the security gap, warns Bagnall of The Email Laundry
5 February 2016 | 0
One of the biggest challenges cybersecurity technology has grappled with for most of its history is that it is mostly reactive. Just as a crime must take place before the police can investigate, many security products need an attempted attack, or a sample of malicious code, in order to know that something bad is happening.
That is hardly ideal for any IT admin, whose default position is usually dealing with plenty of challenges and now has yet another fire to fight. And where security is concerned, one can be sure time is also a factor because any risk to their organisation will need to be stamped out — fast. This gap between incident and discovery is not a pleasant place to be if you happen to work in IT.
It is not much fun if you are the business owner, either. And it naturally leads to the question of where to invest your money smartly to ensure your organisation is as protected as possible. Let us look at where some of the biggest threats lie.
Research from Trend Micro has found that 91% of targeted attacks start with a ‘spear phishing’ email. That is, a personal message that has been written specifically to target a named individual.
The 2015 Verizon Data Breach Incident Report, which is considered as one of the most reliable and trusted sources of cybercrime intelligence, found that phishing campaigns have evolved from mass-mailed attempts to trick people into parting with their bank account details or credit card log-ins. Now, an additional goal is to install malware as the second stage of an attack and allow criminals to gain entry into the victim’s network.
“Without needing to rely on already-discovered attacks, our patented predictive analytics looks for message behaviour and characteristics that’s out of the ordinary compared to legitimate email traffic. This ‘profiling’ predicts the likelihood of malicious messages, and stops them before they reach their intended target”
Email oils the wheels of business, so clearly we cannot do without it. But as things stand, it is a very open and vulnerable window into an organisation and its people. Attackers only need a moment’s inattention from the user; an embedded link mistakenly clicked on, or a suspicious attachment opened, and they are in.
We estimate the cost of an attack is six times the price of a solution that can prevent it from happening. One of the most high-profile data breach victims, Target, had more than 110 million consumers credit card and personal information exposed. A company financial statement put the net cost of the breach at $105 million — and it all started with a phishing email to one of its suppliers.
So if we agree that email is worth protecting, the good news is, we do not need to wait for bad stuff to happen and pray our defences can catch it in time.
Past performance is a reliable guide to future behaviour, so popular psychology tells us, and it turns out the same is true of email. Without needing to rely on already-discovered attacks, our patented predictive analytics looks for message behaviour and characteristics that’s out of the ordinary compared to legitimate email traffic. This ‘profiling’ predicts the likelihood of malicious messages, and stops them before they reach their intended target.
By now, you are probably thinking of the movie Minority Report, where police in a fictional near future could prevent crimes before they happen. Predictive security analytics are real, and they mean IT admins no longer need to run around like Tom Cruise, averting danger at the last moment to the most valuable communication channel in their business. Making your email safe doesn’t have to be a risky business or an impossible mission.
Ken Bagnall is managing director of The Email Laundry