Thank you for sharing!

Your article was successfully shared with the contacts you provided.

Federal agencies have 90 days to adopt a form of email security that guards against spam and phishing. This order is so critical because 97 percent of cyberattacks are the result of phishing. Out of 5,000 emails, one of them is likely to be a phishing email that causes damage. We are all a potential target. So many companies are infected right now and don’t know it, many employees cannot even identify a sophisticated phishing email, and we cannot rely on them for system security.

While many cybersecurity experts say hackers cannot be stopped, some say that’s not true, and hackers can be stopped using preemptive measures.

Kowsik Guruswamy, chief technology officer at Menlo Security, sat down with Inside Counsel to discuss breaches and how companies can protect themselves with security solutions that deliver a secure user experience.

Over the past year, the volume of phishing attacks has soared. In fact, a recent report shows a 400 percent increase in corporate phishing emails last quarter. Hackers continue to use spam and phishing because these fake emails trick users into clicking dangerous links that result in credential theft, malware, ransomware, etc. Even professionals who have been trained to spot these emails continue to click these links because they appear so real. According to Guruswamy, we cannot rely on employees to prevent cyberattacks—all agencies need a security system that protects against cybercriminals.

“There are basic measures that these agencies must implement to accelerate them into the modern cybersecurity era. They are way behind in the times,” he explained. “The measures include the adoption of DMARC, which provides basic protection against email spoofing, and ensuring that all federal agencies only provide service through websites with a secure HTTPS connection.”

These hackers have one goal in mind: Get into vital systems so they try every single day to hack into the technology that we can’t live without. It becomes a numbers game to them, said Guruswamy. Security experts who say hackers cannot be stopped take a reactive approach as opposed to a preemptive one. Cybercriminals will always try to hack into our systems, but we can catch those attacks before they reach the user.

“We know these intrusions can be stopped. We keep threats, attacks and intrusions from happening every single day,” Guruswamy said. “We developed the technology that removes these threats so that users always have a safe experience without ever accidentally clicking on a dangerous link, exposing vulnerabilities within their systems.”

According to Guruswamy, hackers can be stopped using preemptive measures. There are a few security providers who offer viable solutions. For example, Menlo can remove the threat altogether, often in the cloud, so that the user only receives a clean, safe rendering of the site they’re trying to access. For emails, they remove the dangerous link before it even has a chance to get to the user.

“Being reactive is simply easier. We have been complacent with thinking that detection is somehow going to get better over time,” he said. “It hasn’t, and unfortunately, not everyone is ready to fight the battle from the other side.”

Today, there are too many companies that have built their organizations on the theory that we can only take a reactive approach. If they bought into the preemptive strategy, it would make their business obsolete. Social engineering continues to be a simple thing for hackers to do as it relies on humans to easily fall for the deception.

So how can companies eliminate phishing threats before they happen?

Right now, there are three classes of products in the market: the email security products that understand reputation and spam, but are largely unaware of Web risks; Web proxies that know about website categories and can enforce acceptable use policies, but are unable to distinguish between a user clicking on an email link vs. someone visiting a web page by typing the URL in the browser and; training products that perform quarterly fire drills by sending fake phishing emails to users in an attempt to coach and educate them. Menlo Security’s Phishing Isolation is the first in the industry that combines all three to effectively eliminate the risk of phishing.

Amanda G. Ciccatelli is a freelance journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation and more.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2019 ALM Media Properties, LLC. All Rights Reserved.