A New Cybersecurity Approach for Evolving Email Threats

Next-generation security tools focus on getting ahead of attackers, rather than playing catch-up.

Few email users fork over their bank account numbers to Nigerian princes or click links to claim lottery prizes anymore. In fact, as digital natives enter the workforce, the collective sophistication of email users grows.

Yet email scams are still big business. That’s because while users are increasingly savvy, so are the bad actors. Today’s hackers craft emails that look better than legitimate communications from companies. No one is immune to the threats lurking in email inboxes, including organizations that invest heavily in security.

Email threats arrive via three main vectors. The first is spear phishing — bad actors utilizing email to convince people to use their identity and privilege to gain access to something. Another is the installation and execution of ransomware. If users click on malicious links, hackers can take data hostage and demand payment to get it back. The third vector is using email as a vehicle of impersonation. For instance, it could be a message that appears to come from an organization’s chief financial officer with instructions to wire money to a client.

Abandoning Reactionary Security

Educating users can minimize threats, but there’s a point of diminishing returns. It’s counterproductive to expect a mid-level account executive to critically examine every email he receives, because it draws his focus and energy away from the work he’s paid to do.

Traditionally, the security world has been reactionary — we were always fighting the last war. And many organizations continue to augment and expand their existing security arsenals. But new players are taking an entirely different approach — one focused on advancing ahead of the bad actors.

Traditional solutions examined what was attached to emails. They scanned for viruses or malware inside of messages. But those types of threats are obsolete.

Today’s email includes inline pictures, HTML, scripting and functionality, which turns messages into pseudo-web browsers. It can be a powerful marketing tool, but it means that scanning email attachments for viruses or malware is no longer enough. Just opening an email can now serve as the “click” of a URL that takes users to the malware as opposed to bringing it to them in an attachment.

Getting Ahead of Threats

Proofpoint is an example of a next-generation cybersecurity company that doesn’t just look at what’s inside an email, but rather where the email tries to take the user. It rewrites all of the incoming URLs — so that instead of pointing directly to the intended sites, they point to Proofpoint’s URL security engine, which assesses it for threats.

Meanwhile, Proofpoint uses analytics to spot potential threats before they occur. In the past, bad actors were always a step ahead, but security research and analytics are finally helping the good guys gain the upper hand. Plus, security companies have joined forces, sharing information with competing vendors about emerging threats.

Another recent trend is outsourcing email to cloud-based solutions such as Office 365 or Google for Business. This can improve security in some respects, but since cyberattackers know how these products work, it can also introduce a level of predictability that can be exploited. Products such as Proofpoint offer protection for on-premises and cloud-based solutions.

We’ll never hit 100 percent protection against email threats. But thanks to modern solutions — combined with well-educated users and good practices and procedures — we can get closer to that number than ever before.

To learn more about how CDW’s security solutions and services can help your organization defend against evolving threats, visit CDW.com/security

This blog post brought to you by: