2020/02/24 IT & Cyber-Security Solutions 1130 visit(s)
With Office365 overtaking Exchange so rapidly, it is clear that O365 has already become the dominant email security platform for businesses.
Email security remains a top priority in 2020 as organizations continue to face the threat of spam, ransomware, malware and costly email compromise. The email attack surface is also expanding. Despite growing use of cloud-based collaboration tools and SMS for business, email remains the most common method for exchanging corporate information, with 74 percent of survey respondents choosing email as their preferred method of communication, according to a SendGrind study.
The key message for companies who have moved or who are moving to Office 365 is that additional layers of security are needed. While Office 365 includes a standard layer of security by default, it is not adequate to protect against advanced security challenges. Ensuring additional layers of security are in place is absolutely crucial for businesses to remain secure while using Office 365.
The importance of layers lies in the fact that they limit risk. This is the case for both email security and physical asset protection, as the more layers there are, the harder attackers have to work. Consider an office building. While break-in alarms can alert an organization if windows are smashed or doors are kicked down, they’re also necessarily reactive. But if you add in security cameras, motion sensors, two-way communications and secure areas with separate locking systems, burglars won’t even dream of getting inside.
Similarly, security best practices such as two-factor authentication (2FA) and location-based user identification can help limit the risk of compromise, but these single layers — no matter how deep or wide — offer finite protection. Layered approaches, meanwhile, frustrate malicious actors in different ways at every step of the security process.
Some of the most popular phishing attack types this year have included:
• Fake attachments: If it looks too good to be true, don’t click it. From fake invoices to video files and special offers, attackers often use fake attachments to bypass security measures.
• Credential hooks: Seemingly legitimate credential concerns are often used in business email compromise (BEC) attempts. Users believe their corporate or personal accounts have been hijacked and enter login data at attacker-created links, exposing their credentials.
• Office impostors: Threat actors have gotten better at writing convincing emails that sound like they’re coming from the CEO, CFO or direct office supervisors. With social engineering now underpinning 97 percent of all malware attacks, according to Business 2 Community, office impostors are increasingly problematic.
• Domain spoofing: If links appear to be from legitimate domains, recipients are more likely to click through. Attackers are now lifting webpage graphics, text and fonts so fake links look more like the real thing.
• Brand impersonation: Attackers recognize the trust placed in many popular brands ( such as Microsoft, Google, Amazon… etc) by business users, and so they’ve gone back to basics with effective impersonations that often elude suspicion.
• Outside-the-box efforts: cybercriminals are also thinking outside the box with threat vectors such as server-parsed HTML (SHTML), file attachments that automatically direct users to websites requesting financial information.
With the phishing pool digging deeper and leveraging surface-level techniques, layered email security, such as Cisco Cloud Email Security is critical, particularly for Office 365 users.
When you pair Microsoft Office 365 with Cisco Email Security®, you have a stronger, more effective protection plan against malware, ransomware, BEC, phishing, spoofing, spam and more. Let Ctelecoms experts give you a closer look at how Cisco Email Security solution can help your business detect and block more threats. Contact us today!