Insights
06 November 2024
Ransomware, malware, data breaches of sensitive corporate information, and impersonation for fraudulent purposes are among the most dangerous threats to businesses today, and a frequent cause of downtime, financial losses, and reputational damage with customers. While they may seem different, these threats have a common starting point: receiving an email. Protecting email, and preventing messages that come from spoofed senders or contain malicious links from reaching their destination, is becoming increasingly urgent. Let's take a closer look at the risks and what you can do to protect yourself effectively.
When, in October 1971, programmer Ray Tomlinson, already engaged in the development of Arpanet (the proto-internet), successfully tested his software by sending the first e-mail message in history, no one could have imagined the development and importance that this innovation would acquire over time. Although today there are many means of sharing data and processes in the digital environment, e-mail remains fundamental in personal and business relationships due to its simplicity and universality.
It is not surprising that this medium has undergone tremendous development, originally facilitated by the choice to use simple and open transmission protocols that, unfortunately, were not designed to be reliable in terms of security. The result is that it is extremely easy to falsify a sender or disguise the sending server. This is a problem well known to experts and to careful users who do not click lightly on links sent, ostensibly, by the bank or by improbable prize committees. E-mail is not secure: the naivety or distraction of one employee caught up in the rush is enough to put company security at risk.
The ability of e-mail to reach every person and to carry files and links to external sites is essential in business, but it also represents a danger, since counterfeit e-mail messages are the gateway for the malware with which most cyber attacks are carried out today (36 per cent, according to the Clusit Report 2023). Malware, i.e. malicious software that exploits specific software vulnerabilities, is the vehicle that allows cyber criminals to take control of systems, exploit network access to acquire information and carry out other violations.
Well-known and much-feared attacks such as ransomware (which, in its simplest form, consists of seizing data by encrypting it and then demanding a ransom in exchange for the key) are the end product of a chain of violations that often started with an e-mail. The risk of systems being blocked and the burden of payment are not the only problems for those being attacked. Also to be feared is the exfiltration of credentials and data, which may end up for sale on the illegal channels of the dark web and feed the illicit actions of other groups, to the detriment, for instance, of customers and other companies in the chain.
Email is also used to carry out phishing attacks (the user is taken to a fake site of the bank or other service in order to steal credentials), impersonation and social engineering (in total they account for 11% of attacks, according to Clusit). Social engineering is particularly insidious when a combination of timing, interpersonal and other factors, well known to attackers, is exploited to pass off as genuine an e-mail that would otherwise have merited verification.
For the reasons mentioned above, e-mail protection is now a key defence, alongside specific tools to recognise malware and hostile actions once attackers have penetrated the corporate network. This protection is achieved effectively with advanced platforms, such as Microsoft Defender for Office 365, designed to take advantage of the power of the cloud and operate transparently with the email applications currently in use. However, as with other similar platforms, protection is not guaranteed by the platform alone: its proper configuration and maintenance over time are essential.
Configuration is not something that can be done off the shelf or left to system defaults, which would result in a false perception of protection. It must be tailor-made for the company, the people who use e-mail and the day-to-day working relationships with customers and partners. Because threats evolve constantly, protection systems must keep pace and must also be adapted to the normal internal changes in customer infrastructures.
Only by integrating and updating this information in the configurations can the e-mail protection platform recognise counterfeit senders and domains, as well as links to suspicious sites that the company does not normally deal with.
With a timely and up-to-date configuration, an e-mail protection platform is able to identify and report e-mails that come from known senders but originate from mail servers other than the usual ones, or from geographies outside the company's work area. Such a system is capable of blocking, for example, a change of destination for goods already paid for, requested on the day when the manager responsible cannot be reached by phone. Similarly, phishing attempts that imitate known services are foiled.
For e-mail protection to be effective, Tinext Managed Cloud Services carries out the configuration of the system in collaboration with the customer, providing assistance for the start-up phase and the help needed to correctly interpret the technical reports generated by the software. Optimisation of operation, particularly in terms of reducing false positives and negatives, is an integral part of the added value that Tinext Managed Cloud Services offers the customer.
A typical email protection project starts with an assessment of the customer's protection needs, which may be very different when, for instance, people's financial or health data are at stake, or if encryption, non-repudiation, long-term archiving, or data immutability guarantees are required. Tinext Managed Cloud Services can provide the desired solution and complete it with training in the use of the platform (carried out through partners), as well as with updates to maintain the highest level of protection following changes in the corporate organisation or the emergence of new cybersecurity threats.