Security Lessons Learned From 2017

2017 was the year when malware attacks, data breaches and a host of other cyber attacks hit the headlines. The damage and disruption caused by high-profile cyber attacks, such as WannaCry, was clear for all to see. However, at the start of a new year, now is the time for our attention to move beyond those immediate consequences in an effort to better understand how and why these incidents occurred in the first place and, most importantly, how to prevent future attacks.

The below article, originally published by our email security partner, Mimecast, highlights the email security lessons we should all learn from 2017. It provides tips for anticipating and combating email security threats as well as providing recommendations for how to make your email security more resilient in 2018.


Email Security 2017

The headlines were filled with news of various types of big cyber attacks in 2017:

Pro Tip: Breaches like these are going to keep happening in 2018, but GDPR will also be in effect in 2018, adding a whole other layer of legal enforcement. Remember, if you do business with any customers in Europe, GDPR applies to you.

Ransomware attacks and breaches grabbed most of the headlines and got the lion’s share of IT personnel’s attention. But running after newsy breaches isn’t a good way to run your security program.

“If your security strategy is significantly influenced by the news, you’re in trouble because you’re focused on what’s grabbing headlines instead of addressing potential risks to your business,” cautions Mimecast email security expert Matthew Gardiner. “It’s useful to read about what’s happening broadly, but you need to understand the events’ relevance to you. IT professionals’ bosses read the news and think it’s important to check the organization’s readiness for this kind of attack. But attacks that make the news are just a few of millions that are occurring. Just because it is in the news doesn’t mean it is a risk for your organization.”

In December 2017 Mimecast published our quarterly ESRA results, and what we learned is that the bigger threat to organizations is missed impersonation attacks, which occurred more than 7 times as often as missed email-borne malware. In fact, impersonation attacks skyrocketed almost 50 percent quarter-over-quarter in our testing results.

Anticipating Attacks

“The average organization and the typical email security systems they are using aren’t very effective at protecting against email impersonations,” Gardiner notes. “They’re going to battle with armour that has holes in it.”

“The rise of email impersonation attacks illustrates that cybercriminals are always moving forward and changing techniques,” Gardiner asserts. “The best defenders are not just reacting, they’re being proactive. You’ve got to think like an attacker and look for vulnerabilities to ultimately improve security to try to be a step ahead.”

For example, Mimecast’s research group regularly looks for weaknesses and gaps in email security. Recently, the team found an exploit that called into question email’s immutability as a messaging system. The exploit shown by Mimecast, dubbed ROPEMAKER, enables a cybercriminal to change an email’s content easily, like editing text or replacing any URL with a malicious one — without direct access to the user’s inbox. Mimecast recently added a defence against this exploit for its customers and made other security recommendations to protect email from this threat.

Looking Ahead to 2018: Cyber Resilience for Email

Even if you don’t have a crack team of IT Security pros trying to outwit hackers by uncovering exploits, a key project for 2018 should be improving your cyber resilience for email.

Preventing known threats is just the beginning. You need a cyber resilience strategy to protect yourself from email-borne threats and to mitigate overall business risk for an application as critical as email. A holistic email protection strategy includes:

Pro Tip: Consider implementing DMARC, which addresses the literal spoofing of branded domains. DMARC makes it more difficult for malicious actors to send an email from a well-known domain, and when the sending domain publishes a DMARC policy and the recipient’s mail system enforces it, the spoofed email is rejected. But don’t expect DMARC to solve all of your phishing threats.
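To make the Pro Tip concrete, here is an added example (not Mimecast’s or this site’s code) of what a receiving mail system does with a DMARC record: it parses the `_dmarc` TXT record of the domain in the visible From address, checks whether a passing SPF or DKIM result is aligned with that domain, and applies the published policy when neither is. The domains, the DNS records and the message results are all constructed, DNS is an in-memory table so the script runs offline, and the organizational-domain reduction is simplified to the last two labels (real receivers consult the Public Suffix List). The lookalike domain is left without a record on purpose, which is the case the tip warns about: DMARC can only enforce a policy that the spoofed domain has published.

```python
"""DMARC as a receiver sees it: parse a published _dmarc TXT record and
decide what to do with a message from its SPF/DKIM results.

Added example for this article; not Mimecast's or this site's code. The
domains, DNS records and message results are constructed, and the DNS
"lookup" is an in-memory table so the script runs offline.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed DNS: only example.com publishes DMARC. The lookalike domain
# examp1e.com deliberately has no record, as a phisher's domain often won't.
CONSTRUCTED_DNS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                          "rua=mailto:dmarc-reports@example.com",
}


def org_domain(domain: str) -> str:
    """Keep the last two labels as the organizational domain.
    Simplification: real receivers consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC record into tags and fill in RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")       # relaxed SPF alignment unless aspf=s
    tags.setdefault("sp", tags["p"])   # subdomains inherit p unless sp is set
    return tags


def lookup_policy(from_domain: str) -> Optional[tuple]:
    """Find the record for the From domain, falling back to its org domain."""
    for candidate in (from_domain.lower(), org_domain(from_domain)):
        txt = CONSTRUCTED_DNS.get("_dmarc." + candidate)
        if txt:
            return candidate, parse_dmarc(txt)
    return None


def aligned(identifier: str, from_domain: str, mode: str) -> bool:
    """Strict (s): exact match. Relaxed (r): same organizational domain."""
    if mode == "s":
        return identifier.lower() == from_domain.lower()
    return org_domain(identifier) == org_domain(from_domain)


@dataclass
class AuthResults:
    from_domain: str     # RFC5322.From domain shown to the user
    spf_pass: bool
    spf_domain: str      # envelope (RFC5321.MailFrom) domain SPF was checked for
    dkim_pass: bool
    dkim_domain: str     # d= of a passing DKIM signature ("" if none)


def dmarc_disposition(r: AuthResults) -> str:
    """Return 'pass', 'none', 'quarantine', 'reject', or 'no-policy'."""
    found = lookup_policy(r.from_domain)
    if found is None:
        return "no-policy"           # nothing published, nothing to enforce
    record_domain, rec = found
    spf_ok = r.spf_pass and aligned(r.spf_domain, r.from_domain, rec["aspf"])
    dkim_ok = r.dkim_pass and aligned(r.dkim_domain, r.from_domain, rec["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # p applies to the exact domain that published the record; subdomains get sp.
    return rec["p"] if r.from_domain.lower() == record_domain else rec["sp"]


# Constructed messages: a genuine one, a direct spoof, a subdomain spoof and
# a lookalike-domain phish that DMARC cannot touch.
LEGIT = AuthResults("example.com", True, "bounce.example.com", True, "example.com")
SPOOF = AuthResults("example.com", True, "attacker-mail.net", False, "")
SUBDOMAIN_SPOOF = AuthResults("hr.example.com", False, "attacker-mail.net", False, "")
LOOKALIKE = AuthResults("examp1e.com", True, "examp1e.com", True, "examp1e.com")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("spoof", SPOOF),
                      ("subdomain spoof", SUBDOMAIN_SPOOF), ("lookalike", LOOKALIKE)]:
        print(f"{name:16s} -> {dmarc_disposition(msg)}")
```

Running it shows the genuine message passing on relaxed SPF alignment, the direct spoof rejected under `p=reject` even though the attacker’s own SPF passes (an unaligned pass counts for nothing), the subdomain spoof quarantined under `sp=quarantine`, and the lookalike domain delivered with no policy at all, which is why the tip ends with the caveat that DMARC is not a complete answer to phishing.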

“Cyber thieves are always looking for opportunities to exploit your email,” Gardiner laments. “But with a strong plan for cyber resilience, you can better safeguard your organization.”

Cyber resilience for email. Sounds like a good New Year’s resolution!


This article was originally published on Microsoft.com.