There is no doubt about the devastating effect the COVID-19 pandemic has had on almost everything. People are forced to stay at home and therefore to work from there. Focusing on the positive, working from home can be a highly effective strategy if employees use effective tools and strategies to defend themselves from falling prey to a malicious email. Even though it is something employees were never really expecting, with the technological advancement in today's society people can enjoy spending more time with their families, save the travel time to their offices and overall boost personal and professional efficiency with a better work-life balance. Meanwhile, as employees transform their homes into some type of branch office, the shattered corporate security border that had previously shielded them becomes a challenge for IT and cybersecurity teams to contend with.
With so many people working from home, cybersecurity has become a big challenge for companies, especially since the perimeter was lost and crumbled during this pandemic, and quite frankly even prior to it. Apart from this, what is inducing sleepless nights for IT and cybersecurity teams is the home connections employees are using and how insecure these connections tend to be: many home routers have known or unknown vulnerabilities, and many more internet service providers are suddenly in use, causing instability in bandwidth and in the remote meeting tools that are now being attacked to prevent remote work from being conducted. Corporate cybersecurity teams have no visibility into the port-scanning reconnaissance that may be occurring against their employees' home routers, which may then become weaponized. They have no visibility into the configurations and no idea how to respond to an attack on a non-corporate-owned asset. Corporations do have control over one major attack vector, yet they are failing to be effective in bringing layered defense and visibility to the forefront there. It goes without saying that these well-intended strategies are being decimated by bad actors, and that attack vector is indeed email. Email is by far the most attacked vector, and it has a very significant aperture of defenses that is simply not being used. Let us take the facts as presented by Verizon:
These issues are not entirely the employees' fault. Traditional secure email gateways fail to detect zero-day attacks, and some vendors have a term for the emails that get through or are only partially blocked, such as "Patient Zero". This is a limitation of the tools' ability to recognize the malicious attributes until the payload detonates or is analyzed in a cloud sandbox. Imagine the delay with the billions of other emails being analyzed through these tools! Time to click is 82 seconds! Additionally, sub-controls of the tool may not be configured or may be misconfigured, allowing further commodity phishing to get through these filters as well. Other failures at the email vector are lack of training, lack of granularity in tools, sophisticated attacks, limitations of point solutions, a lack of analysts to respond to this plethora of dysfunctions within the email security vector, siloed teams, among others. Hands are up and the cycle continues, on and on, attack after attack. Consider that the median impact of a single successful phishing attack is roughly 10% of incidents, costing $10M+.
Cybercriminals' deceptive email lures are designed to entice an employee to click, either to harvest credentials or to download weaponized payloads that log keystrokes, take screenshots, turn on webcams and microphones, and send this information back to adversary-controlled infrastructure, where the attacker can review it or remotely monitor the employee's work. Email has always been the main channel for communication and will continue to be a main attack vector, which is why rapid response is a necessity. Attackers are acting fast and getting even more creative. They know everyone is vulnerable, understand the chaos and know they will benefit from it. Email is the most common and inexpensive channel for these criminals. All they need is one click to call it a success. When employees are working remotely, especially in today's quarantine situation, they are balancing a lot of different things. It is an easy, honest mistake for them to act on a malicious email, resulting in a compromise that can lead to a breach, and with that can come severe monetary penalties.
Apart from individual cybercriminals and the well-known threat actor groups, cyber defense teams must deal with nation-state attackers too.
Source: VDBIR 2019
In conjunction with all the disparity in technical tools and the orchestration of the stack, your cyber defense team must work as a symphony to protect the borderless perimeter as we now know it. Many organizations are understaffed and cannot keep up with the influx of these malicious email campaigns. Therefore, THETA432 created I.R.I.S., TRU-A, A.V.A, DRX and M.I.L.O to assist us in protecting your network. Additionally, we use Ironscales as our last line of defense to gain insight into malicious emails, remove them from the user's inbox, tag them as possibly malicious to raise awareness, and integrate them into our current cyber-threat intelligence processes. If you would like to set up a meeting with us to introduce you to the Ironscales platform, let us know!
At THETA432, we understand that one of the weakest links in any organization's cybersecurity strategy is its email communication. Reach out to us and see what we have to offer to help your company stabilize its cybersecurity strategies, efforts and email security.
Free Sample Diagram of Layered Security:
Basheer Ahmed Khan
Theta432 Director of Operations, India