Johannesburg, 03 Nov 2020
There can be little doubt that, despite its age, e-mail is still an absolutely critical business tool that remains widely used, not only for communications purposes, but also for the sending and receiving of confidential data. It is no surprise, then, to learn that between the societal fear of a global pandemic and the fact that a large majority of people have been forced to work from home, cyber attacks have proliferated recently.
David Jacobson, MD at SYNAQ, points out that while some people suggest that e-mail is dead, the fact that there are over three billion addresses and that this number is increasing all the time negates that idea completely. In fact, he says, any site one visits on the Internet today – including those that claim to be alternatives to e-mail – still ask you for an e-mail address when registering.
“So we are now faced with a situation where e-mail remains one of the most vital business tools, but with the manner in which cyber threats have exploded in 2020, it equally remains a significant security threat to a business. With the bad guys exploiting the needs and fears of the world in the current uncertain climate, we have witnessed in recent months a massive increase in COVID-related phishing attacks, and an overall increase in security threats of anywhere between 12% and 33%,” he says.
“The challenge with e-mail security is that unlike with applications, you cannot just send out an update to sort out the problem. The reality is that in today’s complex world, you need a multi-layered security approach to not just e-mail, but also all other critical endpoints and programs. And, of course, you need to implement end-user training and awareness around security issues – remember that from a security perspective, humans are always the weakest link.”
Jacobson therefore recommends a zero trust security approach. What this means, he says, is that the organisation should not automatically assume a person is who they say they are online, and therefore accept that they are trustworthy.
“In essence, zero trust is about assuming everything and everyone is bad, therefore the business should utilise least privilege access – giving users the least privilege they require to do what they must – as this helps to minimise users’ exposure to sensitive infrastructure and data.
“Furthermore, when it comes to deploying security, a cloud-based offering is best because, unlike typical end-point security, the cloud does not have to conform to the specific configuration of an individual machine or device. Instead, it assumes you will connect in multiple ways, through multiple devices, so the security it offers is much more all-encompassing.”
He adds that security is always a game of one-upmanship between the cyber criminals and those who hold them at bay. Jacobson says most recently, the security specialists have been forced to adopt an increasing amount of machine learning in their platforms in order to be able to keep up with new attack vectors.
“In fact, the speed of threat evolution today is such that it is imperative that a good e-mail security provider is able to offer machine learning as part of their service. In addition, it helps to be able to utilise solutions such as bi-directional scanning of e-mails, anti-spoofing and data leak prevention. They should also offer real-time on-demand scans to constantly check that sites visited remain legitimate – even if they were deemed as such as little as a week earlier.
“Like all such challenges, e-mail security is a journey, which means organisations need to ensure they choose an experienced specialist who will walk the road with them and help them to identify any and all the areas of danger. Once known, mitigation strategies can be put in place for these, although multiple strategies are required, as there is no silver bullet solution to this problem. However, working alongside a trusted partner is vital in securing what is one of your primary business communication tools – because staying secure is ultimately all about trust in the end,” he concludes.
Share