Menlo Security Talks with Law.Com About Security Risk 11/3/17
Email Security at Risk: How to Stop Hackers in Their Tracks
Federal agencies have 90 days to adopt a form of email security that guards against spam and phishing. This order is so critical because 97 percent of…
By Amanda Ciccatelli|November 03, 2017
Federal agencies have 90 days to adopt a form of email security that guards against spam and phishing. This order is so critical because 97 percent of cyberattacks are the result of phishing, out of 5,000 emails, one of them is likely to be a phishing email that causes damage. We are all a potential target. So many companies are infected right now and don’t know it, many employees cannot even identify a sophisticated phishing email, and we cannot rely on them for system security.
While many cybersecurity experts say hackers cannot be stopped, some say that’s not true, and hackers can be stopped using preemptive measures.
Kowsik Guruswamy, chief technology officer (CTO) at Menlo Security, sat down with Inside Counsel to discuss breaches, and how companies can protect themselves with security solutions that deliver a secure user experience.
Over the past year, the volume of phishing attacks has soared. In fact, a recent report shows a 400 percent increase in corporate phishing emails last quarter. Hackers continue to use spam and phishing because these fake emails trick users into clicking dangerous links that result in credential theft, malware, ransomware, etc. Even professionals who have been trained to spot these emails continue to click these links because they appear so real. According to Guruswamy, we cannot rely on employees to prevent cyberattacks–all agencies need a security system that protects against cybercriminals.
“There are basic measures that these agencies must implement to accelerate them into the modern cybersecurity era. They are way behind in the times,” he explained. “The measures include the adoption of DMARC, which provides basic protection against email spoofing, and ensuring that all federal agencies only provide service through websites with a secure HTTPS connection.”
These hackers have one goal in mind: Get into vital systems so they try every single day to hack into the technology that we can’t live without. It becomes a numbers game to them, said Guruswamy. Security experts who say hackers cannot be stopped take a reactive approach as opposed to a preemptive one. Cybercriminals will always try to hack into our systems, but we can catch those attacks before they reach the user.
“We know these intrusions can be stopped. We keep threats, attacks and intrusions from happening every single day,” Guruswamy said. “We developed the technology that removes these threats so that users always have a safe experience without ever accidentally clicking on a dangerous link, exposing vulnerabilities within their systems.”
According to Guruswamy, hackers can be stopped using preemptive measures. There are a few security providers who offer viable solutions. For example, Menlo can remove the threat altogether, often in the cloud, so that the user only receives a clean, safe rendering of the site they’re trying to access. For emails, they remove the dangerous link before it even has a chance to get to the user.
“Being reactive is simply easier. We have been complacent with thinking that detection is somehow going to get better over time,” he said. “It hasn’t, and unfortunately, not everyone is ready to fight the battle from the other side.”
Today, there are too many companies that have built their organizations on the theory that we can only take a reactive approach. If they bought into the preemptive strategy, it would make their business obsolete. Social engineering continues to be a simple thing for hackers to do as it relies on humans to easily fall for the deception.
So how can companies eliminate phishing threats before they happen?
Right now, there are three classes of products in the market: the email security products that understand reputation and spam, but are largely unaware of Web risks; Web proxies that know about website categories and can enforce acceptable use policies, but are unable to distinguish between a user clicking on an email link versus someone visiting a Web page by typing the URL in the browser and; training products that perform quarterly fire drills by sending fake phishing emails to users in an attempt to coach and educate them. Menlo Security’s Phishing Isolation is the first in the industry that combines all three to effectively eliminate the risk of phishing.
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.