“Pump-and-dump” campaigns are also increasing in popularity.
Thursday, 24. March 2011
The inbound threat

In terms of volume, the most significant threat to the email infrastructure comes from external spammers and cybercriminals.

Vulnerable information
»» Personally identifiable information (PII)
»» Financial statements
»» Trade secrets
»» Customer lists
»» Business plans

Defending the email infrastructure: why email requires comprehensive protection

The Radicati Group also found that 77 percent of business users have, at times, forwarded business-related emails to their personal accounts [9]. An effective NAC solution continuously assesses, against defined policies, the computers of guests, employees who work out of the office, and unknown users.

Why spam works
»» Millions of messages can be sent out in seconds through compromised computers.

Malware and blended threats

In 2007, 1 in 909 emails contained malware, a sharp decline from 2005, when the figure stood at 1 in 446. From here criminals capture usernames and passwords, bank account numbers and PINs. For example, many email clients use an auto-complete feature when typing names in the ‘To:’ field, to help reduce the amount of typing. In extreme cases, an organization can find its domains and/or IP ranges are blocked by service providers and other institutions. These emails contain no malware themselves, and so are more likely to bypass perimeter defenses.
»» Recipients respond to it.

A four-step approach to email defence

Step one: Protect the gateway

The central pillar in the defense against email abuse is gateway protection, which should scan all inbound and outbound messages for spam. This is the first line of email contact between your organization and the outside world.

The internal threat

Many of the outbound and inbound threats are also found in internal email.

Data leakage

According to IDC, email is the number one source of leaked business information [7], and these leaks are usually accidental.
While this figure might appear a positive move downwards, in reality, it only serves to highlight that cybercriminals have adopted more sophisticated techniques with which to infiltrate corporate networks. The first ever virus for the Mac OS X platform (which spread using IM) was discovered in 2006 and a year later a Mac-targeting Trojan – malware that poses as something more benign – was also discovered [12]. Both attacks relied on the behavior of the user, not just the vulnerability of the operating system. Family photos and videos, links to non-business web sites and other personal content consume bandwidth and can negatively affect the image of the company if sent to unintended recipients.

Step four: Control access to the network

Network access control (NAC) manages who and what connects to your system, protecting data and ensuring compliance with all regulatory requirements.

Overview of the email infrastructure

Email is a system constructed of multiple components that play differing roles.
»» Unlike physical mail, it costs virtually nothing to send spam.

Organizations should also be able to choose how to handle encrypted, corrupt or suspicious messages.