Security Lessons Learned From 2017
2017 was the year when malware attacks, data breaches and a host of other cyber attacks hit the headlines. The damage and disruption caused by high-profile cyber attacks, such as WannaCry, was clear for all to see. However, at the start of a new year, now is the time for our attention to move beyond those immediate consequences in an effort to better understand how and why these incidents occurred in the first place and, most importantly, how to prevent future attacks.
The below article, originally published by our email security partner, Mimecast, highlights the email security lessons we should all learn from 2017. It provides tips for anticipating and combating email security threats as well as providing recommendations for how to make your email security more resilient in 2018.
The headlines were filled with news of various types of big cyber attacks in 2017:
- WannaCry: In early 2017, this crypto ransomware impacted more than 200,000 computer systems at small businesses, multinational corporations, healthcare and educational institutions in 150 countries.
- Petya: Another ransomware attack, Petya attacked machines running Microsoft Windows and demanded $300, payable in Bitcoin, to regain access. It nailed large law firms, advertising firms and other big organizations.
- Equifax breach: About 145.5 million people around the world were affected by the Equifax breach, and Equifax themselves certainly paid the price with stock losses, legal fees and regulatory fines associated with the breach. Equifax stock plummeted 35% after the breach – losing almost $6 billion in market capitalization. And in November, it was hit with a 50-state class-action suit.
- Yahoo breach: Though the actual breach occurred in 2013, it only came to light this year, when it was revealed that 3 billion accounts – from email, Flickr, Tumblr and more – were lost. The cybercriminals got away with email addresses, account names and passwords. The “good news”? No financial data was exposed.
Pro Tip: Breaches like these are going to keep happening in 2018, but in 2018 GDPR will be in effect, adding a whole other layer of legal enforcement on top of the breach itself. Remember, if you do business with any customers in Europe, GDPR applies to you.
Ransomware attacks and breaches grabbed most of the headlines and got the lion’s share of IT personnel’s attention. But running after newsy breaches isn’t a good way to run your security program.
“If your security strategy is significantly influenced by the news, you’re in trouble because you’re focused on what’s grabbing headlines instead of addressing potential risks to your business,” cautions Mimecast email security expert Matthew Gardiner. “It’s useful to read about what’s happening broadly, but you need to understand the events’ relevance to you. IT professionals’ bosses read the news and think it’s important to check the organization’s readiness for this kind of attack. But attacks that make the news are just a few of millions that are occurring. Just because it is in the news doesn’t mean it is a risk for your organization.”
In December 2017 Mimecast published our quarterly ESRA results, and what we learned is that the bigger threat to organizations is missed impersonation attacks, which occurred more than 7 times as often as missed email-borne malware. In fact, impersonation attacks skyrocketed almost 50 percent quarter-over-quarter in our testing results.
“The average organization and the typical email security systems they are using aren’t very effective at protecting against email impersonations,” Gardiner notes. “They’re going to battle with armour that has holes in it.”
“The rise of email impersonation attacks illustrates that cybercriminals are always moving forward and changing techniques,” Gardiner asserts. “The best defenders are not just reacting, they’re being proactive. You’ve got to think like an attacker and look for vulnerabilities to ultimately improve security to try to be a step ahead.”
For example, Mimecast’s research group regularly looks for weaknesses and gaps in email security. Recently, the team found an exploit that called into question email’s immutability as a messaging system. The exploit shown by Mimecast, dubbed ROPEMAKER, enables a cybercriminal to change an email’s content easily, like editing text or replacing any URL with a malicious one — without direct access to the user’s inbox. Mimecast recently added a defence against this exploit for its customers and made other security recommendations to protect email from this threat.
Looking Ahead to 2018: Cyber Resilience for Email
Even if you don’t have a crack team of IT Security pros trying to outwit hackers by uncovering exploits, a key project for 2018 should be improving your cyber resilience for email.
Preventing known threats is just the beginning. You need a cyber resilience strategy to protect yourself from email-borne threats and to mitigate overall business risk for an application as critical as email. A holistic email protection strategy includes:
- Before – Email Security: Spam controls and anti-virus tools aren’t enough anymore. To address advanced security threats, you need email cloud security services that protect against more sophisticated and targeted email-borne threats.
Pro Tip: Consider implementing DMARC, which addresses the literal spoofing of branded domains. DMARC makes it more difficult for malicious actors to send an email from a well-known domain: when the owner of the spoofed domain publishes a DMARC policy and the recipient’s mail system enforces it, the spoofed email is rejected. But don’t expect DMARC to solve all of your phishing threats.
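To make the DMARC tip concrete, here is an added example (not code from the article or from Mimecast) that evaluates a domain's published DMARC record the way a receiving mail server does, and reviews the record for settings that leave the domain spoofable. The records and the `example.com` domains are constructed placeholders, and the organizational-domain logic is a two-label simplification of RFC 7489 (real receivers consult the Public Suffix List); both are assumptions of this example, not something the article states.

```python
"""Evaluate a DMARC policy the way a receiving mail server would (added example).

Assumptions: the domains and records below are constructed placeholders, and the
organizational-domain logic is a two-label simplification of what RFC 7489
specifies (real receivers consult the Public Suffix List).
"""
from typing import Dict, List, Optional

# Constructed sample records for a placeholder domain, not taken from the article.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRICT_RECORD = ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; "
                 "rua=mailto:dmarc-reports@example.com")

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse a DMARC TXT record (semicolon-separated tag=value pairs) into a dict,
    filling in the RFC 7489 defaults for tags the record omits."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 is required")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("DMARC record needs p=none|quarantine|reject")
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")      # relaxed SPF alignment by default
    tags.setdefault("pct", "100")     # apply the policy to every failing message
    tags.setdefault("sp", tags["p"])  # subdomain policy inherits p=
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels (assumption, see module docstring)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """DMARC identifier alignment between the visible From: domain and the domain
    that passed SPF or DKIM. 's' demands an exact match; 'r' accepts the same
    organizational domain (e.g. a mail.example.com bounce address for example.com)."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(record: str, from_domain: str,
                      spf_pass_domain: Optional[str],
                      dkim_pass_domain: Optional[str]) -> str:
    """Decide what the receiver does with one message: 'pass' if either SPF or
    DKIM passed *and* is aligned with the From: domain, otherwise the domain
    owner's requested action ('none', 'quarantine' or 'reject')."""
    policy = parse_dmarc(record)
    spf_ok = aligned(from_domain, spf_pass_domain, policy["aspf"])
    dkim_ok = aligned(from_domain, dkim_pass_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return policy["p"]


def policy_findings(record: str) -> List[str]:
    """Review a record for settings that leave the domain spoofable or its owner blind."""
    policy = parse_dmarc(record)
    findings: List[str] = []
    if policy["p"] == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    if policy["pct"] != "100":
        findings.append(f"pct={policy['pct']}: policy applied to only part of failing mail")
    if "rua" not in policy:
        findings.append("no rua= address: you will receive no aggregate reports")
    if policy["sp"] == "none" and policy["p"] != "none":
        findings.append("sp=none: subdomains can still be spoofed")
    return findings


if __name__ == "__main__":
    # A forged message claiming to be From: example.com with no SPF or DKIM pass at all.
    for label, rec in (("weak", WEAK_RECORD), ("strict", STRICT_RECORD)):
        print(f"{label}: forged mail -> {dmarc_disposition(rec, 'example.com', None, None)}")
        for finding in policy_findings(rec):
            print(f"  finding: {finding}")
```

Running the script shows the difference the tip is about: under the weak `p=none` record the forged message is delivered (the receiver only reports it), while under the strict record it is rejected. It also shows the article's caveat in practice: `dmarc_disposition` is consulted only for the domain in the From: header, so a lookalike domain that publishes its own record (or none) is never caught by your policy, which is why DMARC stops literal spoofing but not every phishing message.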
- During – Mitigation: When you are attacked, you need systems in place to keep the infection from getting bigger and spreading farther.
- During – Continuity: Your business needs to keep running before, during and after a cybercrime. Downtime and outages only add to the financial and business impact.
- After – Recoverability: You need recoverability built into your program. The ability to quickly get back up and running – such as after a ransomware attack – is critical to your business. You never want to be in the position of even considering paying the ransom.
“Cyber thieves are always looking for opportunities to exploit your email,” Gardiner laments. “But with a strong plan for cyber resilience, you can better safeguard your organization.”
Cyber resilience for email. Sounds like a good New Year’s resolution!
This article was originally published on Microsoft.com.