Stopping Email Threats at the Door

Adenike Cosgrove, Proofpoint International’s Senior Director of Product Marketing, argues that the risk of numerous cyber threats can be significantly reduced by improving email security – the number one ransomware threat vector

Global cybersecurity spending is projected to reach US $302 bn by 2022, according to researcher Cybersecurity Ventures. But for all the investment going into security, threat actors still largely rely on off-the-shelf malware to breach organizations.

Speaking at CISO London 2021, Proofpoint International’s Senior Director of Product Marketing Adenike Cosgrove, argues that cybercriminals continue to flourish because of the lack of focus on improving endpoint security, especially where employees are concerned.

Anatomy of an Attack

Cosgrove notes the shift to people-centric attacks where criminals trick people into clicking links, serving as a gateway to more sophisticated attacks.

She says: "We need to shift our thinking to how the attacks start because, in over 75% of these breaches, it starts with malware disguised as an email. It might be a lottery scam, a message sent to someone in HR as a fake job application or, as we’re seeing more recently, a message meant to weaponize an employee.”

People are often considered the weakest cybersecurity link; Cosgrove reveals that criminals are now coercing employees into working as insiders for the syndicates. They promise employees a share of the ransom for simply compromising the system.

“Are we considering the fact that not only do people make mistakes, but they might also be malicious? How many of our employees would say no to a million dollars?” she asks.

Once the ransomware has been paid, some hacker groups might leave the organization with tips to avoid similar attacks in the future, but they’ll only share so much information.

“You need to figure out the rest yourself. One way to do this is to look at the attack chain: Find where the criminals are coming in. Look where they start and end the attack,” she advises.

Preventing an email attack

Email security can be significantly improved by focusing on three key factors, according to Cosgrove:

1. Prevention. If most of the malware that leads to ransomware is off-the-shelf technology, it should be known and blocked at the gateway. People also need to be made aware that they're being targeted, not just through generic training. They need to be shown the threats blocked and taught to notify IT of any suspicious email so that if it is found in anyone else’s inbox, it can be pulled. That’s the integration of people and technology, she says.
2. Isolation. Users should be able to browse in an isolated browser. That way they can click and download without installing any malware on the end device.
3. Response. If a link that was once good has been weaponized because of a vulnerability, it should be blacklisted for everyone in the organization.

Key Takeaways:

• Ransomware is an email problem. Social engineering remains a major cybersecurity vulnerability
• People are the weakest link. Most threats can be reduced by implementing email security controls that will prevent people from interacting with payloads
• Prevention, isolation and response. Organizations typically focus on the end of the attack chain, trying to detect and respond when things have gone wrong instead of focusing on preventing threat actors from breaching the endpoint

Discover more of the conversation from CISO London 2021 about how ransomware will evolve in the coming year here