The most dangerous and prolific vector of attack with malicious links, attached malware, phishing and exposure of sensitive data.
While an absolute necessity and a critical tool in business communication, the unfortunate reality is that most employees should not be allowed to use email today. Sending and receiving messages has become an activity fraught with peril, carrying unacceptable risks.
In an ideal world, the practice should just be eliminated entirely – replaced with some other inherently safer means of interaction that is more resistant to external threats.
But we live in reality, where the only option is to leverage the best tools and implement effective policies to CONTROL e-mail.
Spam
The first and most impactful area in which to establish control is with Spam or unsolicited emails. Not only do some of these messages carry dangerous content or malicious attachments, but recurring instances of junk mail can easily reduce productivity. So, a capable AntiSpam filter is a must.
Attachments
When it comes to delivering malware, email is unquestionably the most preferred method. Many of the most damaging message attachments in the wild today contain previously unseen variants or “zero day”, polymorphic threats that cannot be matched to known signatures. This means the detection engines need to be more advanced, employing predictive techniques to catch the malicious code within.
Embedded Code and Links
The lack of attached objects does not suggest the email is safe, however, as criminals can still embed attacks in the body of the message. Threats can be spawned from invisible code segments when the email is simply displayed in a web-based client like Gmail or the Outlook desktop application. Clever tactics will be employed to encourage users to click on text links, graphic objects or buttons that launch hacked web pages injected with malicious scripts. It is like a minefield for the naive or unsuspecting recipient.
Content
Effective management of email must also include protection from danger that originates from inside the organization. The most damaging email threats are not always coming from an external source. Users will frequently play fast and loose with sensitive material in messages, whether it be protected personal information or valuable intellectual property data. It is imperative that outgoing email text and attachments are evaluated to prevent both legal and competitive liabilities.