An article in Computerworld UK caught my attention because its subtitle read “Phishing attacks previously caught in the spam filter are now getting through to employee inboxes.”
The post, which appeared in a section titled Security Manager’s Journal, was written by someone who deals with email security issues on a daily basis. Reading the article, it was evident that the author was giving a firsthand account of their company’s failure to prevent spam from sneaking past the filters and winding up in users’ inboxes.
Unfortunately, the emails that made it through contained malicious attachments that installed malware on the computers of those who opened the files. The author was lucky in the sense that the command and control server that this malware reported to was shut down so the damage was contained without a major breach.
Tracing the issue back, the article goes on to explain that during a migration from one anti-spam solution to another, certain security functions were never enabled, so the malicious email was able to make it past the filter.
The part of this story that really concerned me was that the organization where this happened seemed to take security seriously and the author appeared to be knowledgeable about his or her work. Reading further, the author states that his or her team would be tasked with analyzing the problem. This incident happened despite several people working together to prevent something just like this.
Now, if this could happen in an environment where you have a dedicated team of people working to prevent it, how is a smaller organization expected to keep up with the vast landscape of email-related security threats out there?
Hope for the little guy
In this instance it is easy to fault the security team, but if that is the case then how is an IT department made up of only a few people supposed to get by? Worse still, what if the company has no one on staff who specializes in email security? No, while the team in this example should have done a better job of making sure that the necessary security functions were turned on, their security solution could have done a much better job of making configuration and management easier.
For those worried about their organization’s security, there is a hopeful takeaway from this: not all email security solutions leave you hanging out to dry. Nowadays, security appliances are not all reliant on specialized languages, and not everything needs to be configured using the command line or terminal. Solutions that do rely on these are capable of protecting assets, but they are so highly customizable that their effect is often lost on the average-sized organization, as is their price tag.
Small to medium-sized organizations can easily provide the same level of protection for their less complicated email structure by researching solutions that fit the needs of their unique situations. By looking into the products that are on the market, they can find a solution that offers:
- Security against multiple types of attacks
- Ease of configuration
- Simple management tasks
- A way for users to help increase the effectiveness of the solution
Spam littered with keywords and misspellings, signature-based malware and mass mailings are a thing of the past when it comes to identifying the threats out there. Too many companies, regardless of their size, are still relying on solutions that identify threats based on the attack vectors of ten years ago.
As recent reports have shown, cyber criminals are well funded and thus have found ways to circumvent many of the blockades we had in place just a few years ago. To prevent these more sophisticated attacks from compromising your data and other assets, you will need to re-evaluate the tools you have in place to protect them. If what you have doesn’t address the current threat landscape and doesn’t make security manageable and affordable, then you need to look to another solution that meets these criteria. Until you do, your organization remains at risk.