Email: The Leading Attack Vector for Cyber Attacks
Cybercriminals are turning to email more than ever to deliver threat-centric content, using it to introduce malware into corporate systems, steal data, and extort money. With the growing adoption of cloud mailbox services like Office 365, blended attacks can target an organization from more than one side.
Although a variety of attack types continue to wage war on business email, three categories of attack are now causing the greatest concern.
- Ransomware. A particular kind of malware that blocks a target company’s access to its own data, ransomware caused losses of US$1 billion in 2016 (csoonline.com).
- Business email compromise (BEC). A real moneymaker for cybercriminals and an even bigger threat than ransomware, BEC persuades high-value targets to send funds or sensitive information to malicious individuals. According to the Internet Crime Complaint Center (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016 (ic3.gov).
- Phishing. Still an effective attack method, phishing combines clever social engineering with targeted spear phishing to dupe users into activating the attackers' campaigns, eventually compromising entire organizations. During the second quarter of 2017, 67 percent of the malware hitting organizations was delivered via phishing attacks (nttcomsecurity.com).
With email, cybercriminals can weaponize three areas of the message:
- The body of the email
- URLs within the email
Buyer’s Criteria for Email Security
Cisco security research shows your organization needs an email solution that delivers on five critical requirements to ensure the deeply layered protection your business needs today and in the future.
- Effective intelligence, analysis, and response across your security posture
- Rapid retrospective remediation
- Protection against BEC
- Protection against data leakage and risk from outbound email
- Encryption of sensitive business information
Requirement 1: Effective Intelligence, Analysis, and Response Across Your Security Posture
As cyber-attacks have become more sophisticated, so has the security deployed against them. Cybercriminals now deploy a wide range of threats that challenge traditional security methods. To be effective, your email security solution needs to go beyond the basic perimeter tools that inspect email at a single point in time. In addition to covering the basics, it must also integrate multiple layers of security in a more holistic approach that continuously analyzes threats and monitors traffic trends.
With this approach, your solution can react rapidly to threat indicators based on the very best intelligence. This gives your security team the level of deep visibility and control it needs to reduce the time to detection (TTD) of an attack, scope the event, and contain malware before it causes damage.
How Cisco Provides Effective Security Across Multiple Vectors
Cisco deploys a number of methods to create the multiple layers of security needed to defend against multiple attack types.
- Geolocation-based filtering safeguards against sophisticated spear phishing by quickly controlling email content based on the location of the sender.
- The Cisco® Context Adaptive Scanning Engine (CASE) provides spam capture rates greater than 99 percent and an industry-low false positive rate of less than one in one million.
- Automated threat data drawn from Cisco Talos™ identifies threats with increasing speed, reducing TTD, and exposing even the newest zero-day attacks.
- Advanced Malware Protection (AMP) delivers global visibility and continuous analytics across all components of the AMP architecture for endpoints and mobile devices and in the cloud and network to identify malware based on what it does, not what it looks like.
- AMP also provides persistent protection against URL-based threats via real-time analysis of potentially malicious links.
Requirement 2: Rapid Retrospective Remediation
When malware, a phishing attack, or a malicious URL gets through your front-line defenses, your business needs continuous threat monitoring and assessment in place to detect the problem, quickly understand the impact or potential effect of the event, and then remediate it as quickly as possible.
How Cisco Provides Automated Retrospective Remediation
Cisco continuously examines your security environment for malicious files or URLs that may have slipped through or suddenly changed disposition.
- Advanced outbreak filters provide ongoing deep inspection of URLs with real-time click-time analysis, so that even websites that change from good to malicious behavior can be blocked quickly.
- AMP continuously leverages real-time Talos monitoring and analytics and Cisco Threat Grid intelligence to identify previously unknown threats or sudden changes in the disposition of a file.
- AMP also takes steps to remediate by automatically triggering dynamic reputation analysis and providing visibility into where the malware originated, what systems were affected, and what the malware is doing. After automatically prioritizing remediation, AMP takes action on both inbound and outbound email based on these insights.
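The retrospective check described above can be illustrated with a short added example (not Cisco code and not the AMP API): a delivery log keyed by attachment hash, and a verdict update that returns the mailboxes to remediate when a file's disposition changes after delivery. The class names, the verdict strings, and the sample data are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Delivery:
    message_id: str
    mailbox: str   # internal mailbox that holds a copy of the message
    sha256: str    # hash of the attachment as it was delivered

class RetroIndex:
    """Remembers which deliveries carried which file hash."""
    def __init__(self):
        self._by_hash = defaultdict(list)
        self._verdict = {}  # sha256 -> last known disposition

    def record(self, delivery, verdict):
        """Log a delivery with the disposition known at scan time."""
        self._by_hash[delivery.sha256].append(delivery)
        self._verdict[delivery.sha256] = verdict

    def update_verdict(self, sha256, new_verdict):
        """Apply a later verdict; return deliveries that now need remediation."""
        old = self._verdict.get(sha256)
        self._verdict[sha256] = new_verdict
        if new_verdict == "malicious" and old != "malicious":
            return list(self._by_hash.get(sha256, []))
        return []  # disposition unchanged, or the hash was never delivered

def remediation_plan(deliveries):
    """Group affected message IDs per mailbox so each copy can be quarantined."""
    plan = defaultdict(list)
    for d in deliveries:
        plan[d.mailbox].append(d.message_id)
    return dict(plan)

def demo():
    # Constructed sample data; the hashes are placeholders, not real indicators.
    h1, h2 = "a" * 64, "b" * 64
    index = RetroIndex()
    index.record(Delivery("m1", "alice@example.com", h1), "unknown")
    index.record(Delivery("m2", "bob@example.com", h1), "unknown")
    index.record(Delivery("m3", "bob@example.com", h2), "clean")
    first = remediation_plan(index.update_verdict(h1, "malicious"))
    repeat = remediation_plan(index.update_verdict(h1, "malicious"))
    return first, repeat

if __name__ == "__main__":
    print(demo())
```

The second update for the same hash returns an empty plan, so a verdict feed that repeats itself does not trigger remediation twice.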