Why You Should Consider Enhanced Email Solutions as Part of Your Security Stack
By Ryan Greyslak, Director of Secured Managed Services West, CISO Global, Inc.
It’s late Friday evening and Tom (your average everyday employee) has worked diligently to meet project deadlines and follow up with customers before his much-anticipated weeklong vacation. Exhausted from burning the midnight oil and juggling multiple tasks, he’s eager to wrap up his work and enjoy a well-deserved break.
As Tom completes his last remaining task, he is greeted with one final email before signing off for the week. It’s an urgent email from the IT department claiming there has been a security breach and that all employees must immediately update their login credentials to safeguard company data.
In his eager state to get on the road, Tom briefly glances over the email to confirm its legitimacy. He notices the company logo on the communication and hastily clicks the link. After all, he does not want to be responsible for any potential company data breaches.
Tom follows the link, updates his password, and even notices a file that downloads from the website to update his machine. He proudly acknowledges that he’s completed all his tasks and even caught the important communication from IT before falling out of cellular range for his trip. He locks his machine and heads out for the holiday weekend and extended vacation.
Unfortunately for Tom (and the company he works for) the email was a carefully crafted phishing attempt launched by sophisticated cyber criminals with malicious intent. The link Tom clicked redirected him to a deceptive webpage designed to mimic the company’s internal portal for password updates. Believing he was following company protocol, he unknowingly provided the cyber criminals with direct access to his account and device.
Armed with Tom’s credentials, the cyber criminals gain unauthorized entry into the company’s network and launch a full-scale attack on internal systems, stealing sensitive data, compromising confidential client information, and causing widespread disruption. Tom embarks on his vacation, blissfully unaware of the breach he has accidentally facilitated. Chaos unfolds, and it will be days before the breach is discovered.
Unfortunately, this story is becoming all too common amongst companies that fail to adequately protect their IT environment. Email compromises remain one of the most widely used methods by cyber criminals to attack organizations. According to Earthweb, “Around 94% of all cyber-attacks are carried out through emails, Phishing causes approximately 90% of data breaches, and 3.4 billion phishing emails are sent out each day across the world.”
Phishing is No Joke
The fallout from these breaches is often very severe: significant financial losses, potential legal action, shattered customer trust, and an overall decline in business. While these incidents often lead to improved cybersecurity practices going forward, it’s crucial to recognize the value of the lesson before suffering the consequences.
There are numerous solutions on the market, and it’s important to know what you should be looking for when comparing them. In our experience, the most important thing to look for when evaluating the efficacy of an email solution is multiple layers of protection. This follows a layered approach to cybersecurity, which spans not only your overall approach, but each problem you are working to solve. Since there are multiple ways in which an attacker can access your environment in any given threat vector, you want to make sure your solutions are as comprehensive as possible. As a bonus tip, you will also want to look for ease of configuration and deployment.
In general, your protection strategy should include the following controls for email security:
URL and Attachment Sandbox Defense
This security feature is designed to detect and mitigate advanced threats delivered to email by website or attachment. It employs an isolated secure environment that opens suspicious files and URLs to monitor for potential risks and analyzes the behavior of those actions before the email ever reaches your employees’ inbox. If any indicators of compromise are observed, the email and attachment will be quarantined.
Custom Filter Policies
Custom filters can be created to block malicious communications by, for example, sender address, recipient address, geolocation, subject, header, raw message content, attachment type, and attachment name. These messages can be sent to quarantine or completely blocked depending on your preference.
Anti-spoofing measures are designed to prevent malicious actors from impersonating legitimate entities, such as individuals or organizations, to deceive recipients and carry out fraudulent and malicious activities.
There are several ways an organization can monitor for and help prevent spoofing of their own domain.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Allows domain owners to specify policies for email authentication and instructs email receivers on how to handle messages that fail authentication. Implementing DMARC helps organizations protect their reputation and reduces the likelihood of spoofed emails reaching their recipients.
Sender Policy Framework (SPF)
This protocol verifies the sending IP address of incoming emails against a list of authorized IP addresses published in the domain’s DNS records. SPF checks if the email originates from an approved source, which reduces the chances of spoofed emails being delivered.
DomainKeys Identified Mail (DKIM)
An authentication method that uses cryptographic signatures to verify the integrity of email messages and authenticates the sending domain. DKIM enables recipients to verify that the message was not altered in transit and originated from the legitimate domain.
Spam email is not only annoying; it also has the potential to be malicious. This solution uses a combination of filtering, reputation analysis, machine learning, content analysis, and real-time threat intelligence, along with user feedback, to reduce the overall flow to your employees’ inboxes.
Data Loss Prevention (DLP)
DLP policies are a set of rules and procedures designed to prevent sensitive or confidential data from being lost, leaked, or accessed by unauthorized individuals within an organization. These policies are designed to protect data from accidental or intentional disclosure, both internally and externally. Through inbound and outbound policies, you can monitor the following types of information: banking, financial, personal, protected health, product, tracking, and technical.
Additionally, a good solution will allow you to identify and tag all external emails, create disclaimers, and encrypt emails that contain sensitive data. Those are just a few examples of how an enhanced email security solution adds an additional layer of security to one of your most vulnerable threat vectors as a company.
It’s important to note that while a robust solution can be very effective in defending you against email threats, no single layer of protection is a silver bullet. Creating a culture of cybersecurity includes adopting a multi-layered security approach. By strengthening your overall security posture, your company will be less likely to become the next cyber victim.
At CISO Global, our Secured Managed Services (SMS) team offers enhanced cybersecurity tools that improve your security posture and could have helped prevent the attack on the company Tom worked for by blocking the email before it reached his inbox. Enhanced Email Security Solution is just one of these tools and is included for our managed customers. The SMS team is here to support your journey. Our team can effectively manage all your cybersecurity needs, as well as provide day-to-day technical support for all your employees. We encourage you to contact us today to schedule a call and discover how we can help securely support your business’s IT environment.