FEATURE: EMAIL SECURITY
What impact has the shift to remote working had on the frequency of these types of attacks?
It’s a lot harder for employees to physically check with their colleagues whether they really did send an ‘urgent’ or ‘confidential’ email and with a large proportion of the workforce working from home, or flexible working, it’s causing disruption in business process. In addition, with the reliance on cloud systems, for example, and new ways of working, you find that people are much more likely to react, because we’re in a heightened state of emotion. People are much more likely to click and engage with a threat before following internal processes.
Proofpoint research data shows that, since March 2020, more than 7,000 CEOs or executives have been impersonated, with the average number of CEO impersonation attacks now at 102.
Since the start of the pandemic, Proofpoint has blocked half a million Business Email Compromise attacks. Remote working and the pandemic have really increased the threat that we all face and the risk to businesses, and that’s why now is the time to pay attention to BEC and EAC attacks.
Which controls can organizations consider implementing to thwart BEC and EAC attacks?
Criminals are leveraging a number of different techniques and tactics to try to trick us so we can’t assume that there is a silver bullet or that there is one control or one technology that’s going to solve this problem because there isn’t.
As with anything in security, it’s a layered approach – having a process and then of course making sure that our people are aware of the threats that are targeting them and that they ‘verify, verify, verify’.
With BEC, one of the things that you need to focus on first of all is the technology – block as much as possible from reaching your people. Start by authenticating email and your domain. Implement industry authentication standards like DMARC that prevent criminals from spoofing your domain. Tell your suppliers to do the same thing. By having those layers this will ultimately protect the business, its suppliers and customers.
But we also need to educate our users themselves to identify BEC attacks. Show them the real-world examples and educate them on those threats that you’ve blocked. And embed them in part of your security controls, make it easy for them to report bad emails and reward them for doing so.
How important is a layered approach for preventing these types of attacks?
We need a layered approach to not only prevent BEC attacks but to be able to detect and respond to EAC attacks. For example, if you see that someone is logging in from Venezuela at 2am when they’re normally based in London and work 9am–5pm, you need to be able to remediate that. That’s unusual behavior, potentially a compromised account and someone that we need to investigate. So, you need CASB solutions as well, that can detect those types of attacks.
How far do technology and education align to prevent these types of attack and should CIOs and CISOs prioritize one over the other?
Now that our people are working remotely, we can’t rely solely on network firewalls, IPS solutions or the layers we’ve put in the data center because we’ve outsourced that data center. Our people are our new perimeter. It’s critical to train employees and ensure they’re aware that they’re under attack and to show them the actual threats that we block that are targeting them. But I don’t think it’s either or – it’s both working in tandem. You want to make it easy for employees to alert you by pressing a simple button in Outlook which automatically sends the email to the SOC team.
They analyze that email using technology, sandbox the email to determine whether it is bad. They send an alert back to the employee. Then they use technology to find those emails in other employees’ inboxes and pull those out automatically. That’s people, your employees and technology, the automation and sandboxing, working together to protect the organization.
42 INTELLIGENTCIO NORTH AMERICA www.intelligentcio.com