Preventing another ransomware attack: What to look for in an email security provider




By 

Over the past year, it feels like not a single day goes by without learning of a major cyberattack that originated via a phishing or spear-phishing campaign. In fact, at the time of writing this blog post, news broke of two major events; one in which dozens of UK hospitals were hit with ransomware and another in Spain, in which the telecommunications enterprise Telefonica was held at ransom. As it turns out, these two events were part of a historically large coordinated global attack that infected thousands of organizations in more than 150 countries with what is known as WannaCry malware. According to CNBC:

The WannaCry malware spreads as a worm — scanning other computers linked to any machine or system it infects for the same defect and leaping onto them — through a vulnerability in Microsoft systems, particularly on outdated software like Windows XP or Windows Server 2003.

Within 24 hours of discovery, many researchers and media outlets reported that that attack likely began with email phishing.

The WannaCry attack, which unfolded less than two weeks since the massive Google Docs attack disrupted businesses around the world, have undoubtedly left organizations with lots of questions about their cybersecurity investments. The average large business, after all, currently spends $15 million annually battling cybercrime, while companies in healthcare and financial services are on record as allocating close to, if not more than, $100 million per year. With such hefty percentages of annual operating budgets dedicated to cybersecurity, stakeholders – from the board chair to modest investors – are beginning to ask serious questions about ROI.

Despite questioning spend, companies are smart to continue investing in a defense-in-depth strategy in which numerous tools, technologies and solutions for networks, data and endpoints work together as a fortress against attackers. However, one weak link in the defense can sometimes cause a ripple effect that renders the conglomerate of security product ineffective. Email phishing is an obvious example. If email security fails to detect a suspicious email, and if someone in the organization clicks on a malicious link or downloads a bad attachment, then attackers may have the access they need to execute a successful attack; regardless of what other cybersecurity solutions are in place.

Therefore, there is an argument to be made that email security is one of the most important components of any cybersecurity strategy. With so many attacks, including the majority of those with ransomware, beginning with email phishing, it is likely more important than ever for organizations to invest in email security that is proven to reduce risk.

But with so many vendors to choose from, many of which look and sound the same, how can email security buyers know where to begin and what to prioritize? Here are the top 5 considerations when selecting an email security technology. 

The 5 Must Haves of Email Security 

  1. Machine Learning – Knowing that the use of signature/signature-based solutions, such as spam filters, continues as the status quo, sophisticated attackers often find their hacking tools and techniques relatively unchallenged by enterprise defenses that follow rules. And although there is almost universal agreement by malware researchers to ditch YARA Rules, many cybersecurity solutions are lagging in doing so. When analyzing email security products, look for technologies that replace the reliance on signature/signature based spam filters and gateway security solutions with machine learning technology. Since machines continuously get smarter and aren’t limited by rules, they can accelerate email phishing prevention, detection, mitigation and remediation, with or without the security team’s involvement.
  1. Automated Incident Response – Richard Struse, the chief advanced technology officer at the U.S. Department of Homeland Security recently stated, “organizations can reduce the workload on their security analysts and help them to do a better job by dealing only with the exceptions that cannot be addressed automatically based on policy.” With email phishing attacks, time is of the essence. After all, eventually a few users click on malicious links or download a bad attachment and the entire organization will become compromised. As such, buyers should seek out email security that can automatically respond to suspicious emails through real-time analysis and quarantine which can reduce or even eliminate the number of employee interactions with the phishing email. By limiting exposure to attacks, organizations can significantly decrease their odds of attack success, reduce the burden on their security teams, minimize false positives and expedite the time from attack discovery to enterprise-wide remediation from weeks to minutes.
  1. Actionable Collaboration – Also according to Struse, “By creating an ecosystem in which cyber threat intelligence – actionable, machine-readable information – is shared in real time and can be consumed automatically, defenders can begin to eliminate the asymmetry that currently favors attackers.” Last year there were more than one million phishing attacks discovered worldwide, a 65 percent increase from the previous year. Such an abundance of verified attacks presents unprecedented opportunities to share information among customers so that they can proactively defend against the same attack, should it come for them. While there is a deficiency with information sharing in cybersecurity overall, it is particularly bad among email security vendors. Today’s buyers should demand that their email security offer real-time actionable collaboration, integrated with automated incident response, as a means to better prepare and respond to newly trending attacks before they target your employees’ inboxes.
  1. Human & Machine Augmentation – What most of the cybersecurity industry and many organizations don’t yet fully understand is that to truly minimize the risk of email phishing attacks, machines and humans must continuously work together. As a recent article in MIT stated, “artificial Intelligence predicts cyber-attacks significantly better than existing systems by continuously incorporating input from human experts.” When combined, humans and machines can consistently leverage each other’s strengths in identifying and responding to phishing threats.
  1. Integration Ready – There is no one cybersecurity solution that would not benefit from additional external integrations, especially those that are already in place or can be provided as cloud based services. Email security must play nicely with Sandbox, Multi AV, Intelligence and SIEM solutions to add value and increase protection for the consumers.

On the heels of the WannaCry and Google Docs attacks, email security is arguably as important now than in any time in cybersecurity history. For as long as attackers keep having success in beating safeguards via email phishing campaigns, they will continue to do so. Fortunately, IRONSCALES is a pioneer of anti-phishing technologies that create a multi-layered defense to email security. By combining human intelligence with machine learning, IRONSCALES can help prevent, detect, mitigate and remediate email phishing attacks in minutes, without much security team involvement.




Be the first to comment

Leave a Reply