
Q&A: Why businesses still face cyber risks

By Tim Sandle     Jul 4, 2018 in Business
Vertek Research recently uncovered a leak that exposed over 43 million email addresses to a massive spamming campaign. Why are businesses still vulnerable to this type of attack and what can be done to protect them?
EdgeWave is a cybersecurity company that focuses on email protection. The company has recently investigated why gaps in technology and security exist in businesses' cyber systems. These are gaps that allow these breaches to continue. As an example, recently, while investigating a massive spam-producing malware network, security researchers at Vertek Corporation discovered that some 43 million email addresses had been leaked in a massive spamming campaign.
John Randall, VP of Product at EdgeWave, discusses with Digital Journal the next steps businesses can take to ensure their data and servers are protected, plus the tips the average user can use to identify spam emails that threaten their privacy.
Digital Journal: What are the main cybersecurity risks for companies?
John Randall: Based on recent surveys of IT and Infosec professionals and what we are seeing, the main risks perceived by organizations can vary based on the size of the company. Most small and mid-size companies are prioritizing security strategies and initiatives around mitigating phishing, ransomware, BEC (Business Email Compromise) and DNS attacks.
Larger enterprises are looking to protect their end points as well from these threats, yet also dealing with global issues like GDPR and critical compliance issues around protecting personal and business data. A common denominator for many risk scenarios is the human factor—the ability of mal-intended actors to target and spoof our human users/employees across business networks has never been more dangerous.
DJ: What is the specific risk from email scams and phishing?
Randall: Targeted, socially engineered phishing scams carry with them a variety of dangerous payloads. They can deliver malware via bad links, they can spoof employees into giving them access to private personnel data or financial accounts. And with Ransomware they can blackmail entire companies and cities with the threat to, once embedded within the network, shut down systems and steal data unless they are paid.
These attacks are getting more and more frequent and sophisticated. The cost of these attacks can easily exceed $1 million for many organizations. What’s more, fighting these can require educating all employees with cybersecurity awareness training, which can itself cost significant dollars and lost productivity. The ultimate damage is to the brand of the company or organization that has been violated as it has lost the trust of its employees and customers, which can severely damage their overall enterprise value.
DJ: Why do employees fall for these?
Randall: Several reasons: employees as humans are now trained to act quickly in our digitally transformed world. Our “pacing” when evaluating digital communications like email, messaging, social media is almost without thought—it’s rote response. See a link, click the link, or open the attachment.
Security awareness training seeks to create pause and discernment with users, yet we are moving so fast and sifting through so much on a daily basis, that pause can be missing depending on human factors such as rushed projects, stress, fatigue, etc. Unless they see undeniable risk, they may just click on it to move on to their next communication just to feel more productive.
DJ: What can businesses do to protect themselves?
Randall: No matter how much we tell people what to look for and to be extra cautious, they will click. Some occasionally, some a lot. Even one mistake can open companies to layered attacks. Companies can increase the strength of their email gateways by setting policies or adding detection filters to try to block such attacks, but this runs the risk of blocking legitimate emails as well and slowing the pace of business.
Many organizations are currently trying to ramp up deeper security awareness training programs but unless they are committed to these long term and are running every new employee through a gauntlet of training sessions and faux attacks, they are not a full-time solution. Evidence shows that the impact of security awareness training wanes over time. What’s needed are tools in the inbox that can either automatically detect one-to-one attack modalities, or enable user services that provide instant deep reviews into possible threat emails that make it past gateway defenses.
DJ: What about for the average user? How can they identify potentially harmful messages?
Randall: Let’s start by assuming there is a base layer of common sense. (Not an easy assumption to make.) If it feels like it’s unknown content or context, from an unknown sender, or asking for a level of information that isn’t usual, pause. Stop. Don’t click. Users can check to see if the to and from fields align, or if the email domain name matches the message or the company the sender claims to represent.
If users have any doubt, they can also send it to their IT or help desk for investigation. The challenge with either of these approaches is time. Employees don’t like to leave cycles incomplete, and IT doesn’t have time to get to all these investigations in a timely manner. Yet, there are tools that users can use to instantly send any suspicious emails for analysis, and they will render a verdict and delete the message if considered risky or malicious. These give users the most control over anything that looks “phishy” and can enable them to provide a more united defense.
DJ: Despite this, why do things still go wrong?
Randall: Unless someone has been personally attacked or “burned” by an email spoof, there is an innate lack of urgency to be completely diligent 24/7. Who hasn’t woken up early in the morning and started cruising through emails with perhaps half a mind to the rest of the day and has been vulnerable to clicking on something that didn’t register as suspicious? We have to 1) combat that sense of “it won’t happen to me” with constant communication, including perhaps a unified sense of accountability within the company. Penalty if mishandled? That is a key question facing organizations today. Lastly, we’ve got to get users active solutions that help them be an active part of cyber defense.
DJ: What advantages does EdgeWave present?
Randall: EdgeWave approaches these critical email-borne threats with a multi-layer approach. First, we provide an Email Secure Gateway called ePrism. It offers comprehensive protection around all known and zero-day threats via multiple malware, AV, and machine learning filters. All of which keep out 99% of attack vectors and protect the inbox from virtually all malicious email. However, because the latest socially engineered attacks take new approaches, we also provide a second layer against targeted phishing called ThreatTest.
This is a button embedded in Outlook that any user can click when they think an email isn’t right, and the email is automatically quarantined and sent to EdgeWave. In minutes we run it through additional filters and expert human analysts to review the email and return it with a verdict either confirming it’s good to go, or it’s malicious and we have deleted the email. A key benefit to this as well is that the user never has to send it to IT.
Users don’t want to bother IT and they are reticent to send too much to them or ask questions. With the cloud-based ThreatTest solution, it’s super easy for users to send anything without fear of judgement, and the cost doesn’t increase whether they send one email or one thousand. It frees them to be more skeptical.
DJ: How does EdgeWave differ from rival platforms?
Randall: Our ePrism email security gateway is competitive with the leading providers and is considered much easier to deploy and use, and much more affordable. We are bringing best-in-class functionality to small and mid-size businesses, yet offering the largest businesses or Managed Service Providers advanced capabilities.
Add to that ThreatTest, unique to EdgeWave. No one else currently has an easy, one-button approach that provides analysis and remediation of suspicious emails in such a cost-effective and accelerated manner. Our difference as well lies in our team of 24/7 human expert analysis. Our POV is that our machines can stop bad-guy machines when hacking or spoofing, but we need human experts to stop expert human hackers or spoofers who are engineering one-to-one attacks. ePrism and ThreatTest together offer the best layered defense against these most dangerous threats to business.