As in every industry—particularly technology-centric ones—the history of the cyber security industry has been one of task automation. From the early days (some may say Gen I days) of firewalls and pattern-matching antiviruses to modern techniques of machine learning-based malware detection and traffic analysis, the tools available to a security-minded business are constantly growing in complexity, in an arms race with cybercriminals whose malware has been doing the same.
Due to this, it can be easy to grow complacent and think that certain, older attack vectors are now ‘solved’. In a conference talk delivered last November, Martijn Grooten argued that bulk email spam has been largely solved (or, rather, ‘mitigated’) to the extent that it ever could be. However, he pointed out a number of vital steps that are still necessary to protect oneself against targeted email attacks, such as ‘rais[ing] awareness’ and ‘assum[ing] some emails will get through and people will fall for them; build[ing] defences accordingly’.
Grooten recently followed up his talk with an article for Virus Bulletin, examining the characteristics of some malicious emails that have managed to slip past a range of automated spam detection tools in a lab environment. Whilst the tools’ ‘block rates are extremely high’ for traditional spam messages (approaching 100%), ‘things are different when it comes to emails with a malicious attachment or that contain a phishing link’—that is, targeted email attacks.
With sophisticated email scams on the rise in recent years, with the average cost of a phishing attack against an SME currently standing at $1.6m and 95% of attacks on business networks now a result of phishing, this blind spot in automated spam detection tools poses a significant threat to your business. And if this venerable, three-decade-old technology requires more than just automated tools to protect against misuse, imagine the threats posed by future technologies.
As Grooten laid out, the best protection against the failure of an automated tool is to ensure that your workforce are independently aware of and trained to deal with such email attacks. Using a service such as Mitigate, the complete internal security solution featuring GCHQ-certified e-learning training on a range of topics including secure communications and defeating electronic social engineering attacks, ensures that the human element of your workforce are just as switched-on as the automated element, and ready to catch any malicious emails that may fall through the cracks of the latter.
Grooten also advises building defences in depth, ensuring that the failure of one defence may be made up for by another. This is also vital, and covers things such as enforcing user access control to minimise the risk of an account compromise to intelligently laying out your business network to ensure sections are afforded the security they require.
For more information on Mitigate, or for consultancy on how to improve your business’ cyber security posture and implement multi-layered security, please email [email protected] or call +44 (0)333 323 3981.