
The CTO’s big challenge


Johannesburg, 14 Jul 2022
Sam Gelbart, CTO, SYNAQ.

First, the good news: the good guys are scoring significant wins in the notoriously vulnerable e-mail security space where an estimated 90% of cyber attacks originate.

Now the bad news: the volume of attacks is increasing and the behaviour of cyber criminals is difficult to predict, with novel threats emerging all the time.

It’s an ongoing battle with neither side holding on to its winning or losing position for long, says Sam Gelbart, Technical Director at e-mail security and mailbox hosting provider SYNAQ, which processes millions of brute-force credential attacks against its mailboxes every week in addition to detecting and quarantining over 150 000 phishing/malware e-mails every month.
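The article gives no detail on how SYNAQ detects the brute-force credential attacks it mentions. As an added example that is not SYNAQ's code, the block below shows the kind of detection a mail operator would run over IMAP authentication logs: it counts failed logins per source IP in a sliding window and flags the IP once a threshold is crossed, reporting how many distinct mailboxes were targeted so that a password spray (many accounts, few attempts each) can be told apart from a single-account brute force. The log lines are constructed in a Dovecot-like format, the 60-second window, 5-failure threshold and "3 or more accounts means spray" rule are assumptions for illustration, and the year is assumed to be 2022 because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a Dovecot-like "auth failed" format; not real SYNAQ logs.
# 203.0.113.7 sprays four mailboxes in 15 seconds; 198.51.100.9 is a user mistyping a
# password; 192.0.2.44 is a low-and-slow attempt, one failure every 2.5 minutes.
SAMPLE_LOG = """\
Jul 14 09:12:01 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.7
Jul 14 09:12:03 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.7
Jul 14 09:12:05 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol@example.com>, method=PLAIN, rip=203.0.113.7
Jul 14 09:12:08 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=203.0.113.7
Jul 14 09:12:10 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave@example.com>, method=PLAIN, rip=203.0.113.7
Jul 14 09:12:15 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.7
Jul 14 09:13:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=198.51.100.9
Jul 14 09:13:40 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.com>, method=PLAIN, rip=198.51.100.9
Jul 14 09:13:50 mx1 dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=198.51.100.9
Jul 14 09:20:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin@example.com>, method=PLAIN, rip=192.0.2.44
Jul 14 09:22:30 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin@example.com>, method=PLAIN, rip=192.0.2.44
Jul 14 09:25:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin@example.com>, method=PLAIN, rip=192.0.2.44
Jul 14 09:27:30 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin@example.com>, method=PLAIN, rip=192.0.2.44
Jul 14 09:30:00 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin@example.com>, method=PLAIN, rip=192.0.2.44
"""

# Only "auth failed" disconnects match; successful "Login:" lines are ignored.
AUTH_FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dovecot: \S+: "
    r"Disconnected \(auth failed.*?user=<(?P<user>[^>]*)>.*?rip=(?P<ip>[0-9a-fA-F.:]+)"
)


def parse_auth_failures(lines, year=2022):
    """Yield (timestamp, source_ip, target_user) for each failed login line.

    Syslog timestamps carry no year, so one is assumed (2022 here)."""
    for line in lines:
        m = AUTH_FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def detect_bruteforce(lines, window_seconds=60, threshold=5, spray_min_users=3):
    """Flag source IPs with >= threshold failures inside a sliding window.

    Returns {ip: {"alerted_at", "failures_in_window", "distinct_users", "kind"}},
    alerting once per IP at the moment the threshold is first crossed."""
    recent = defaultdict(deque)  # ip -> deque of (ts, user) still inside the window
    alerts = {}
    for ts, ip, user in sorted(parse_auth_failures(lines)):
        q = recent[ip]
        q.append((ts, user))
        # Drop failures that have aged out of the window.
        while q and (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            users = sorted({u for _, u in q})
            alerts[ip] = {
                "alerted_at": ts,
                "failures_in_window": len(q),
                "distinct_users": users,
                # Heuristic (assumed): many mailboxes from one IP looks like a spray.
                "kind": "password spray" if len(users) >= spray_min_users else "brute force",
            }
    return alerts


if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{a['alerted_at']:%H:%M:%S} {ip}: {a['kind']}, "
              f"{a['failures_in_window']} failures, targets={a['distinct_users']}")
```

With the default 60-second window only 203.0.113.7 is flagged; the slow attempt from 192.0.2.44 never has five failures inside one minute and goes unnoticed, which is the usual trade-off: widening the window (for example to 15 minutes) catches it, at the cost of more noise from users who genuinely mistype a password a few times.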

“While we constantly adapt our systems to emerging threats that we detect and track, our major concern is the threats we don’t know about or that we can’t foresee,” he adds. “We know they are being planned and targeted. So we leverage the latest zero-day threat data from strategic security partners around the world; we update our systems in near real-time; and we remain ready to respond at a moment’s notice.”

But the battle is already entering a whole new realm.

According to Gelbart, artificial intelligence (AI) is already being leveraged by both good and bad cyber security actors with the next key battle likely to centre on the rate of change in the volume of attacks, as well as their specificity and the speed at which defences can detect and adapt to them.

“In addition, General and Natural Language Processing AI is rapidly moving forward in terms of capacity and capability and this means that our ability to adapt and react to more and more legitimate-looking type threats is critical. Attacks that defeat users, existing tools and techniques, and security experts are going to become more commonplace. Ultimately, it will be machine against machine contesting a whole new battleground,” he says.

All that still lies ahead. Meanwhile, setting aside low-level, highly technical and targeted attacks, the e-mail security landscape is starting to mature, both in how companies implement e-mail security and in how they train their users and improve their risk awareness.

“However, it takes just one user to fall victim to a ransomware or a well-crafted phishing attack for systems and businesses to become victims,” he warns.

The changed cyber security risk environment wrought by the COVID-19 pandemic made that situation abundantly clear. Businesses discovered that not only were existing enterprise security measures less effective for their end-users working from home, many fell victim to a tsunami of phishing and ransomware attacks that exploited their users' pandemic-related fears and stresses. They lost their ‘trained scepticism’ and became susceptible to traps they might not have fallen for in the past.

CTOs and IT managers largely responded to these challenges – including granting work-from-home users secure access to the business’s internal applications – by rapidly rolling out VPNs.

“Post pandemic, VPN access to corporate networks is now a ubiquitous service. It extends the enterprise perimeter to the home, allowing traditional ‘centralised security policy’ management to be enforced where end-users work on company managed devices. The problem, however, remains the number of end-users who continue to use their own devices. Ensuring that basic security standards such as anti-virus installation, scans and updates, sensible idle-time screen lock timeouts and password requirements are maintained on these devices is challenging,” Gelbart says.

He emphasises that these requirements must be written into company policy and that staff should be required to sign off on them after being audited, either remotely or in the office.

Since unwitting end-users remain the highest-risk vector after vulnerable systems and networks, businesses also have to give their users regular training and, where possible, testing, so that they stay aware of the dangers e-mail poses to their business at its particular level of risk.

“A well-trained and sceptical user is a more resilient and secure user,” Gelbart explains.

The business must also ensure that its policies are drafted so that plans are in place for when – not if – the organisation is compromised.

Scenarios for the most at-risk situations must be played out, together with how each would be remediated. This allows the business to act strategically, putting measures and plans in place so that it can act swiftly when a breach occurs.

Gelbart points out that while cyber security providers can help organisations secure their networks and systems, there is only so much they can do. As an e-mail security and mailbox hosting provider, for example, SYNAQ's responsibility starts at the edge of the internet: scanning mail and delivering it to users' inboxes free of threats.

“But after the mail layer, the responsibility lies with the organisation itself to protect its network and linked devices,” he adds.

Gelbart strongly recommends that CIOs and CTOs follow security threat feeds and measure emerging threats against the risks facing their specific business.

“There are many resources* available and investing in them is invaluable in keeping abreast of threats, trends and insights,” he concludes. 

* Among the resources Gelbart recommends are:

https://www.cybersecurity-insiders.com/

https://threatpost.com/

https://www.cio.com/

https://www.csoonline.com/

https://www.tripwire.com/state-of-security/

https://thehackernews.com/
