Major security threats lurk in your inbox

Businesses need advanced mix of tools to protect email from sophisticated cyber criminals

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Flash quiz: What tool do humans use most often for shar­ing, col­lab­o­rat­ing, coor­di­nat­ing and archiv­ing? Answer: Email.

And pre­cise­ly because con­sumers and com­pa­nies con­tin­ue to rely so heav­i­ly on email, cyber crim­i­nals relent­less­ly exploit email as a favorite attack vec­tor. Thus spear phish­ing remains the pri­ma­ry way intrud­ers ini­ti­ate Advanced Per­sis­tent Threat (APT) attacks.

Relat­ed video: CEO spoof­ing caper nets crooks $450,000

And Busi­ness Email Compromises—a scam in which the bad guys craft a mes­sage that spoofs a senior exec­u­tive in order to trick a sub­or­di­nate into mak­ing a cash transfer—continues to rise.

Mes­sag­ing secu­ri­ty ven­dor Agari is on the fore­front of help­ing orga­ni­za­tions defend email attacks. Third­Cer­tain­ty asked Agari’s new CEO, Ravi Kha­tod, to sup­ply a 30,000-foot view. Text edit­ed for clar­i­ty and length.

3C: Are we at a cross­roads when it comes to trust­ing email?

Ravi Khatod, Agari CEO
Ravi Kha­tod, Agari CEO

Kha­tod: Essen­tial­ly, nor­mal email isn’t safe. From a busi­ness per­spec­tive, this is an extreme­ly com­plex prob­lem to solve. These high­ly pub­li­cized cyber attacks are cre­at­ing a cul­ture where peo­ple are auto­mat­i­cal­ly see­ing email as untrust­wor­thy. Peo­ple need real solu­tions to thwart these email threats and restore trust across all com­mu­ni­ca­tion chan­nels.

3C: What’s com­ing in the sec­ond half of 2016 and 2017?

Kha­tod: Many busi­ness­es are try­ing to fight phish­ing attacks—including spear phish­ing and busi­ness email compromise—by teach­ing their employ­ees to ques­tion the authen­tic­i­ty of each email they receive. It just does not work. As attacks become more sophis­ti­cat­ed, busi­ness­es need to think about advanced and secure tech­nol­o­gy options to pro­tect their com­pa­ny assets and employ­ees.

3C: Is it enough just to lock down email? What else needs to be addressed?

Kha­tod: Cyber crim­i­nals use mul­ti­ple attack vec­tors. In par­tic­u­lar, spear phish­ing attacks aimed at spe­cif­ic employ­ees with access to priv­i­leged sys­tems is a com­mon­ly used tech­nique and can cause heavy dam­age to busi­ness­es. But a one-size-fits-all approach will not be enough. Com­pa­nies need mul­ti­ple controls—a mix­ture of com­ple­men­tary tools where pre­ven­tion, ear­ly detec­tion, attack con­tain­ment, and recov­ery mea­sures are cohe­sive.

3C: Where is the busi­ness sec­tor, as far as over­all secu­ri­ty aware­ness?

Kha­tod: Cyber­se­cu­ri­ty is now a board-lev­el top­ic. The CISO used to be seen as sole­ly a technologist—those days are over. In this envi­ron­ment, CISOs need to cul­ti­vate rela­tion­ships with oth­er exec­u­tives and posi­tion secu­ri­ty as a busi­ness and finan­cial risk area, in addi­tion to advo­cat­ing proac­tive invest­ments to mit­i­gate secu­ri­ty risks before an attack hap­pens.

3C: What are your goals for Agari?

Kha­tod: Agari has world-renowned data sci­en­tists who spe­cial­ize in email secu­ri­ty, an unmatched amount of data (10 bil­lion emails per day), and a cus­tomer base made up of lead­ing For­tune 500 com­pa­nies that love our solu­tion.

Our goal is to lever­age these incred­i­bly valu­able assets with­in our email secu­ri­ty plat­form in a way that elim­i­nates email as a chan­nel for cyber crime. We want to pro­tect enter­pris­es and their cus­tomers from advanced email attacks, enabling both the pub­lic and employ­ees to once again trust their inbox­es.

More sto­ries relat­ed to email:
When it comes to email, shar­ing isn’t car­ing
Most busi­ness­es unpre­pared for email-based attacks
How to pro­tect your iden­ti­ty with a sim­ple email trick
Where per­son­al data is con­cerned, what’s safe today may not be safe tomor­row

 


Posted in Cybersecurity, Featured Story