
Email: main access channel for cyber attackers, how to protect ourselves?


Cybersecurity plays a more critical role in industry every day. Raising awareness of cyber attacks among the people who work in it and preemptively blocking the countries of origin of a large number of cyber attacks are two of the ways in which companies can protect themselves.

Corporate email continues to be the main access channel for malware in companies. Retarus analyzes this serious problem and launches a series of recommendations to companies so that the business is always running – even when attacked by cybercriminals.

Information technology security is one of the key priorities for any company: protecting systems and confidential data is a prerequisite for doing business. Cyberattacks are on the rise due to the speed of malware development and the lack of in-house skills for managing such situations. According to the “IX Report on Cyber Crime” drawn up by the Spanish government’s Ministry of the Interior, cyber-attacks in Spain in 2021 increased by 6.1% when compared with the previous year. Companies are aware of this: according to a 2021 Accenture study, 15% of companies’ total spending was aimed at protecting the company’s network system.

Companies need to adopt a suitable solution that is prepared for the following scenarios:

  1. Defense against social engineering attacks
    In CEO fraud attacks, cybercriminals pretend to be a company’s CEO and send fake emails to their victims asking them to transfer large amounts of money. Using special tools, companies can identify the fake sender addresses used for these targeted attacks and expose the emails as attempted fraud before any financial transaction has been carried out.
  2. Defense against previously unknown malware
    When previously unknown threats such as ransomware appear for the first time, they are often not filtered immediately. As a result, they can spread unnoticed across the corporate network. The longer they go undetected, the greater their impact on the company will be. Sandboxing, for example, executes the selected attachments in a virtual, secure test environment and checks whether there is any unusual behavior before delivering the email to the recipient.

    Well-equipped email security providers also offer functions such as deferred delivery analysis. This is an advanced analysis that re-scans the selected attachments after a delay. This means that, should there be a wave of new malware attacks, virus-engine signatures that were not yet available during the initial analysis may be available when the new analysis is run.
  3. Defense against cybercriminals when they have penetrated the company’s infrastructure
    Security solutions usually work reliably and detect most malicious programs before they even get into the network. However, there is no such thing as one hundred percent protection against attacks. Post-delivery protection technologies, such as Patient Zero Detection patented by Retarus, do not merely identify the malware and the phishing links in emails that have been delivered. They also move and automatically eliminate the messages concerned.

    At the same time, the administrator and, optionally, the recipient are immediately alerted. In any case, forensic analysis and the containment of potential damage are drastically simplified and reduced.

    For emergencies, the disaster prevention strategy should also include an email continuity solution. This failover solution is constantly active in the background, intervening immediately if the email infrastructure is unavailable due to security incidents, or server/cloud failures. This guarantees that the affected company’s email communication continues uninterrupted.
  4. Preventive blocking of countries where many cyber attacks seem to originate
    Particularly in the current political situation, some companies feel they need to isolate all messages from certain regions or countries as a precautionary measure, be it purely for security reasons or due to internal compliance requirements. Special corporate email infrastructure services enable IT operatives to analyze and, when necessary, block all email traffic before it enters the corporate infrastructure, based on rule sets they themselves have defined.

    For instance, many company-specific rules relating to security can be created. Emails can be processed specifically according to their country of origin (GeoIP). Depending on the configuration, this may involve isolating the message in the user’s quarantine area. As well as the geographic origin, the language in the body of the email can be identified and used to trigger automated rules.
  5. User education as a defense against the “human insecurity factor”
    As in all fraud schemes, the “human insecurity factor” remains a factor in all cyberattacks: companies should regularly bring this to their employees’ attention. The best way to educate your staff is to give them concrete examples, such as advising employees never to click on links or attachments in suspicious emails (including links to unsubscribe), and not to enter passwords or personal data in the linked websites. In general, suspicious emails should not be replied to or forwarded.

    As well as increasing vigilance in relation to these threats, transparent norms also help. Companies can protect themselves against executive fraud, for example, by applying basic limits on transfers and well defined control and approval processes.
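The sender check described under point 1 (CEO fraud) can be sketched as follows. This is an added example, not Retarus code; the corporate domain `example.com`, the executive name, the 0.85 similarity threshold and the sample messages are all constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: our own domain and the executives to protect.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}          # display names, lower-cased
LOOKALIKE_THRESHOLD = 0.85         # assumed similarity cut-off

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _lookalike(domain):
    """True for a domain that is close to, but not, the corporate domain."""
    if not domain or domain == CORPORATE_DOMAIN:
        return False
    ratio = difflib.SequenceMatcher(None, domain, CORPORATE_DOMAIN).ratio()
    return ratio >= LOOKALIKE_THRESHOLD

def ceo_fraud_indicators(raw_message):
    """Return the reasons the sender headers look like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(addr)
    reasons = []
    # An executive's name in the display part, but the address is not ours.
    if " ".join(name.lower().split()) in EXECUTIVES and from_dom != CORPORATE_DOMAIN:
        reasons.append("executive display name on external address")
    # Typosquatted sender domain (e.g. a digit swapped for a letter).
    if _lookalike(from_dom):
        reasons.append("lookalike of corporate domain")
    # Replies would be steered to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\n"
           "Reply-To: jane.doe@mailbox.example.net\n"
           "Subject: Urgent transfer\n\nPlease wire the amount today.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Q3 numbers\n\nSee attached.\n")
EXTERNAL = ("From: Newsletter <news@vendor.example.org>\n"
            "Subject: March update\n\nHello.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("external", EXTERNAL)):
        print(label, ceo_fraud_indicators(raw))
```

Any returned reason is grounds to quarantine or tag the message before a payment request reaches the recipient.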
