Email Security at Risk: How to Stop Hackers in Their Tracks
November 03, 2017 at 01:23 PM
Federal agencies have 90 days to adopt a form of email security that guards against spam and phishing. This order is so critical because 97 percent of cyberattacks are the result of phishing. Out of 5,000 emails, one of them is likely to be a phishing email that causes damage. We are all potential targets. Many companies are infected right now and don't know it. Many employees cannot even identify a sophisticated phishing email, and we cannot rely on them for system security.
While many cybersecurity experts say hackers cannot be stopped, some say that's not true, and hackers can be stopped using preemptive measures.
Kowsik Guruswamy, chief technology officer at Menlo Security, sat down with Inside Counsel to discuss breaches and how companies can protect themselves with security solutions that deliver a secure user experience.
Over the past year, the volume of phishing attacks has soared. In fact, a recent report shows a 400 percent increase in corporate phishing emails last quarter. Hackers continue to use spam and phishing because these fake emails trick users into clicking dangerous links that result in credential theft, malware, ransomware, etc. Even professionals who have been trained to spot these emails continue to click these links because they appear so real. According to Guruswamy, we cannot rely on employees to prevent cyberattacks—all agencies need a security system that protects against cybercriminals.
“There are basic measures that these agencies must implement to accelerate them into the modern cybersecurity era. They are way behind in the times,” he explained. “The measures include the adoption of DMARC, which provides basic protection against email spoofing, and ensuring that all federal agencies only provide service through websites with a secure HTTPS connection.”
These hackers have one goal in mind: getting into vital systems. So they try every single day to hack into the technology that we can't live without. It becomes a numbers game to them, said Guruswamy. Security experts who say hackers cannot be stopped take a reactive approach as opposed to a preemptive one. Cybercriminals will always try to hack into our systems, but we can catch those attacks before they reach the user.
“We know these intrusions can be stopped. We keep threats, attacks and intrusions from happening every single day,” Guruswamy said. “We developed the technology that removes these threats so that users always have a safe experience without ever accidentally clicking on a dangerous link, exposing vulnerabilities within their systems.”
According to Guruswamy, hackers can be stopped using preemptive measures. There are a few security providers who offer viable solutions. For example, Menlo can remove the threat altogether, often in the cloud, so that the user only receives a clean, safe rendering of the site they're trying to access. For emails, they remove the dangerous link before it even has a chance to get to the user.
“Being reactive is simply easier. We have been complacent with thinking that detection is somehow going to get better over time,” he said. “It hasn't, and unfortunately, not everyone is ready to fight the battle from the other side.”
Today, there are too many companies that have built their organizations on the theory that we can only take a reactive approach. If they bought into the preemptive strategy, it would make their business obsolete. Social engineering continues to be a simple thing for hackers to do as it relies on humans to easily fall for the deception.
So how can companies eliminate phishing threats before they happen?
Right now, there are three classes of products in the market: email security products that understand reputation and spam but are largely unaware of Web risks; Web proxies that know about website categories and can enforce acceptable use policies but are unable to distinguish between a user clicking on an email link and someone visiting a web page by typing the URL in the browser; and training products that perform quarterly fire drills by sending fake phishing emails to users in an attempt to coach and educate them. Menlo Security's Phishing Isolation is the first in the industry that combines all three to effectively eliminate the risk of phishing.
Amanda G. Ciccatelli is a freelance journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation and more.