1. Close the window of exposure
The threat landscape moves incredibly quickly these days with new threats being born every minute. Look for an email security solution that offers real-time classification in order to catch the threats as they happen.
2. Don’t fall for social engineering scams
Cleverly wrapped social engineering scams use highly customised phishing emails and recently we’ve seen some diversification of social engineering in malicious spam. Spammers have abused big brand names to entice possible victims into clicking on URLs in messages. In June 2010 approximately 85% of all email was spam (Source – Websense Security Labs) and in the last few months we saw lures involving Facebook, Twitter, iTunes, Amazon, Adobe, and even job applications. Along with malicious attachments, embedded malicious links in email is a major threat, Our analysis shows that in June alone 81% of spam included an embedded URL. Most email solutions do not adequately protect against these.
3. Beware the return of the attachment
In 2010, emails – often using popular topics – have re-emerged as a key medium for spreading files and delivering Trojans as attachments following an upsurge last year. Researchers have also seen increasingly sophisticated blended attacks that are difficult to close down, as well as simple malicious data stealing attachments and URLs.
Earlier this year, we saw the ever-present threat, Zeus, sending out a clever new campaign of emails. This campaign took great care in tricking victims into downloading malware. These Zeus messages contained a PDF attachment as well as a link to a malicious executable file in the email message. To make the messages more believable, they were made to look like forwarded mail from a security director within your company which explained that Adobe Reader needed to be updated.
4. Unify your security to stop converged threats
Guard against blended threats with an email security solution that also takes intelligence from Web security and data security technology to achieve unparalleled visibility into both existing and emerging threats. Scammers use a combination of all three areas – email, web and data stealing – so it makes sense to have a unified security solution which takes all three areas into account. A combined unified solution provides one of the highest levels of email protection from inbound and outbound email security risks.
5. Keep your security up to date
Because of the dynamic nature of threats, real-time updates are critical. One of the easiest ways of managing this is to opt for Security-as-a-Service (SaaS). SaaS provides the latest and greatest software and threat intelligence and ensures exceptional Web and Email security services without the cost and complexity of on-premise equipment.
SaaS shifts all security inspection, enforcement, and management processes from your business location to globally available datacentres “in the cloud” which allows you to stop email threats such as spam, viruses, and other malware before it reaches your corporate the network. With this infrastructure, email security services can be deployed across large and small offices located around the world in minutes. Businesses can gain all the benefits of up to date content security, while eliminating the distribution, deployment, and ongoing upgrade of on-premise hardware.
Adam Bradley is ANZ Country Manager, Websense.