EDITOR’S QUESTION
KALLE BJORN, DIRECTOR,
SYSTEMS ENGINEERING,
FORTINET
E
mail is still the primary form of critical, formal business
communication. It’s no secret email is the gateway
to sensitive customer information, crucial databases
and other valuable data. It also continues to be the primary
conduit for malware, phishing attacks and data loss.
Any effective email security strategy has to assume that
folks will open email attachments, click on infected website
links and ultimately have their system compromised. It takes
just one person in an unthinking moment for the damage to
be done.
A compromise happens in minutes. The median time to the
first click on the attachment [of a phishing campaign] was
three minutes and 45 seconds.
The email security market has little room to be complacent.
But there are so many email security devices and solutions
available; it’s hard to know what to choose. Email security
continues to evolve to keep up with increasingly sophisticated,
multi-faceted threats and counteract stealth malware
designed to evade standard security mechanisms.
Here are a few of the latest trends that will likely emerge
even stronger down the road:
Email attacks become more targeted: Cybercriminals
have leveraged email to personalise attacks and achieve
credibility with victims as a means to increase success. But the
proliferation of advanced persistent threats and other forms
of stealth malware have taken targeted attacks to a new level.
Advanced malware becomes the status quo: Cybercriminals
have long been relying on email as a vehicle to deliver infected
PDFs, .exe files and other malicious attachments. That’s not
going to change. What will likely change, however, is the
technical sophistication of the attached malware. While
numerous reports have noted that overall spam levels have
decreased, the number of emails that come with malicious
code attached are on the rise.
Spear-phishing is standard in cybercrime arsenals: The
significant spike in advanced malware coupled with targeted
attack trends are equipping spear-phishers with increasingly
sophisticated tools to add to their arsenal. That means
www.intelligentcio.com
stealthier and more effective spear-phishing campaigns.
These days, cybercriminals are equipped with the ability to
send specialised, targeted attacks to focused groups, as well as
personalised emails to individuals, designed to trick the most
security savvy of users.
Data the new target: Once phishers were intent on acquiring
login credentials and credit card information. That hasn’t
changed, but these days, they’re also targeting high-value
Big Data that includes intellectual property, blueprints and
source code. Malware that rides on malicious attachments
increasingly possesses stealth capabilities aimed at evading
detection, silently infiltrating classified systems and lifting an
organisation’s most sensitive data.
With email still a viable threat vector for cybercrime, email
security solutions will remain in high demand for the
foreseeable future. The email security market is being forced
to adapt in order to stay relevant and combat a rapidly
evolving threat landscape.
As with other security solutions, email security needs
to incorporate new sets of robust features as part of a
comprehensive, multi-layer defence strategy, which includes
Antispam/Antimalware, Data protection/Encryption,
Reputation Protection and Data Loss Prevention.
INTELLIGENTCIO
77