Email Attacks are Evolving, Is Your Inbox Security Standing Still?

Email remains an essential communication tool for business in the modern world. But despite its widespread use, most security measures are more than a decade old. Consequently, a renewed approach for enterprise email security is necessary in order for business to stay ahead of continually evolving email attacks.

Phishing is a formerly widespread approach where hackers would send a high volume of email containing malware as an attachment or in the body of the email to untargeted recipients. These emails make dubious claims that recipients have won an international lottery and seek sensitive user information. However, over time, users have grown to discern these attacks, with now only a small percentage of recipients acting on these emails.

Concurrently, email security solutions have improved and the effectiveness of leading security solutions guarantees 99% detection capability for all spam and 100% for all known viruses. These enhanced technologies identify sender emails known to distribute spam, analyze email content for word combinations and patterns commonly found in spam and use antivirus to guard against known viruses found in email attachments.

The latest upgrade to phishing, more commonly used today, is spear-phishing: a low volume, highly targeted attack. These emails no longer make wild claims promising wealth, but instead appear completely pedestrian and authentic, delivering the malware via a URL embedded in the email. Hackers compromise a legitimate domain or server allowing them to send phishing emails from a seemingly reputable address to their researched target. Using social engineering, hackers increase the likelihood that the target will take the bait. After a user clicks on the embedded URL, their computer downloads the malware and the malware proceeds to do its job of identifying network vulnerabilities. This refined approach results in the same loss of user’s confidential data.

On an average week, over 700 pieces of malware are delivered. Most (92%) through phishing attacks containing a web component that hosts the hidden malware and is able to elude traditional email gateway and antivirus defenses. To combat these attacks, organizations can utilize inbox security software/appliances that allow for creating unique self-managing email communities.

Using self-managing communities similar to those found in social networking applications, companies receive all of the email sent by customers, suppliers, partners, friends, associates and other members of their “community” while being completely shielded from both nonsense messages sent by casual abusers and devious messages from malicious criminal concerns.

The Sendio approach to email security and productivity is more a paradigm extension than a shift. We employ a “positive” security model; that is – no one is better to determine what email you want to receive than you. All of us have become very comfortable with caller-id and have embraced the verification steps required to participate in social networks. Simply put, if you want to add someone to your social network, you need to ask for their specific permission. Our “radical” improvement comes from our realization that human interaction is the key to safer, more secure and efficient email. Blocking spam is one thing – extending the positive security model to manage all “bulk” email is entirely another – and that is the Sendio difference.