With massive data breaches emerging from every corner, the severity of the cyber threat landscape is at an all-time high. From financially driven threats such as ransomware to national security and espionage attacks, cyber criminals are getting more driven and sophisticated by the day, and their attacks more damaging.
The email threat landscape, particularly for Office 365 and G Suite, is no different. With email (mostly phishing emails) being malware's main delivery vehicle, and as attack tactics continue to evolve and become more destructive, organizations must ensure their cloud mailboxes and productivity apps are secure.
Newly introduced attack tactics make securing cloud email environments even more crucial. One of these is double extortion. Unlike "classic" ransomware attacks, in double extortion cyber criminals steal large quantities of sensitive information before encrypting the victim's database, and then threaten to publish it unless the attacked organization pays the ransom, which increases the pressure on organizations to meet attackers' demands. Email-based phishing also saw a huge rise in Q3 of 2020, with sophisticated impersonation campaigns taking advantage of the current remote work situation, aiming to infiltrate organizations by stealing users' credentials or installing malware on their machines.
With that in mind, organizations must ensure their email security solutions are designed to prevent the most advanced attacks and zero-days. To do that, security admins and CISOs should ask themselves the following questions:
1. Does your security solution provide REAL-TIME phishing protection?
Phishing is one of the most common threats to organizations. It is also one of the most versatile and sophisticated forms of attack. For these reasons and many others, real-time phishing protection is crucial to keeping your organization safe: once a phishing email reaches users, it is too late.
2. Does it cover productivity applications?
Proper phishing protection should also cover your productivity suite, which includes cloud-based email as well as commonly used productivity applications such as SharePoint, OneDrive, Teams, Google Drive, and others. Protection for email only is limited and insufficient.
3. Does it inspect every aspect of the communications, including the language used in the body?
The tool must also be able to examine the different aspects of advanced phishing emails. This includes inspecting metadata to validate the sender, inspecting email attachments to ensure that they are not malicious, validating links, checking the email against other domain intelligence, and applying click-time prevention so that links are always validated as non-malicious at the moment they are clicked. The tool must also be able to check the language of the email, because phishing emails often include subtle indications of fraud, such as text signatures, credential harvesting patterns, and expressions of urgency or a suspicious call to action.
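As an added illustration (not part of the original article and not any vendor's implementation), the sketch below applies three of the inspections named in question 3 to one message: sender metadata, link validation, and body language. The sample email, the phrase lists, and the finding labels are constructed assumptions; attachment analysis, domain intelligence, and click-time checks are out of scope here.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not real mail); example.com / example.net are reserved domains.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@example.net
Subject: Action required: your password expires today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/html; charset="utf-8"

<p>Verify your password immediately: <a href="http://login.example.net/reset">https://portal.example.com</a></p>
"""

# Illustrative phrase lists (assumptions); a production filter would use trained language models.
URGENCY = re.compile(r"\b(immediately|action required|expires today|suspended)\b", re.I)
CREDENTIALS = re.compile(r"\b(verify|confirm|update)\s+your\s+(password|account|credentials)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def inspect_message(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # 1. Metadata: SPF/DKIM/DMARC verdicts stamped by the receiving server, and Reply-To vs From
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1).lower() != "pass":
            findings.append(f"{mech}-not-pass")
    if msg.get("Reply-To") and domain(msg["Reply-To"]) != domain(msg["From"]):
        findings.append("reply-to-domain-mismatch")
    # 2. Links: the visible text shows one host while the href points to another
    for href, text in LINK.findall(body):
        shown = urlparse(text.strip()).hostname
        if shown and shown != urlparse(href).hostname:
            findings.append("link-text-host-mismatch")
    # 3. Language: urgency and credential-harvesting wording in subject and body
    content = f"{msg.get('Subject', '')} {body}"
    for label, pattern in (("urgency-language", URGENCY), ("credential-request", CREDENTIALS)):
        if pattern.search(content):
            findings.append(label)
    return findings

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```

No single finding is conclusive on its own; the value comes from combining the signals, which is why the question asks about every aspect of the communication.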
4. Does it block the malware BEFORE it reaches users?
Once malware reaches the end-user’s machine, it’s too late. The solution must be able to examine every aspect of the file or attachment to ensure it is not a delivery vehicle for malware, and use more than one means for detecting and preventing evasion techniques that may be employed by the attacker.
5. Does the solution impact productivity (introduce latency)?
In order to maintain productivity without compromising security, the solution you select must be able to clean any file of active content instantly, so it can deliver it within seconds to the end-user.
6. Does it provide account takeover prevention in a layered approach?
Hijacking users' accounts is a common practice among cyber criminals. This is typically achieved by gaining access to an account's credentials through a phishing attack, a breach of a third-party site, or even the dark web. When evaluating an account takeover solution, it is important to consider that it should work in a layered approach. Most organizations use some sort of identity provider, which authenticates the user by verifying some basic credentials. However, when these credentials are stolen, an added security layer is necessary to augment the authentication process. The added layer should contribute extra information to the process, including MFA (multi-factor authentication), as well as anomaly detection that can be customized to the company's needs.
To get the full list of must-have capabilities and questions you should ask for the optimal email & office solution, download our comprehensive Buyer’s Guide to Email Security, designed for the new normal.