According to a recent report, business users send and receive an average of 110 emails per day. Such a figure indicates that email continues to play a predominant role in the day-to-day activities of an organization and that its use will continue to grow in the years to come.
Because email is so critical, email security matters: its job is to keep malicious content that arrives in email messages out of the organization. Typically, threats ‘from the outside’ include viruses, trojans, custom malicious executable files and scripts embedded in the body of an email.
It goes without saying that ignoring these threats could result in considerable damage, including data loss, productivity loss and a reduction in network resources due to consumed bandwidth, all of which contribute to a hit on your bottom line.
The ‘here you have’ worm in September 2010, which spread via email and tried to trick people into visiting a link that hosted a malicious script, caused a brief yet substantial outbreak which was reported to have slowed down networks at organizations such as NASA, Disney and Procter & Gamble.
Furthermore, Microsoft found that over 90% of the activity related to this worm came from business computers. To reduce the risk of your organization being affected by such an outbreak, you need – at minimum – a solution that offers multi-layered AV scanner protection (the reality is that one AV will react faster than the other in responding to new and emerging threats), attachment scanning (so that you can block certain files by type) and an HTML/script scanning feature that disables embedded scripts or suspiciously crafted HTML code. This, in addition to a respectable anti-spam filter that will remove email threats that are spread within spam, should help to keep the bad stuff out…
…but what’s helping to keep the good stuff in? Despite the numerous methods available to help prevent the incoming threat of malicious content via email, the insider threat is one we should take just as seriously.
The vast majority (if memory serves me well it is believed to be something like over 80%) of all security breaches come from the inside. How easy is it for someone in your organization to bring a USB drive into the office and execute a virus that spreads via email to people outside of the company walls? Imagine the embarrassment if your clients find that an email containing a virus that caused them downtime came from you; or the bad press the organization would get if this information was reported in the media!
Do you have a mechanism in place to stop people from sending out sensitive documents, source code, trade secrets and so on via email? What reasons would people in your organization have for wanting to carry out such acts? Who is most likely to carry out such an act? What processes do you have in place to prevent or mitigate such attacks? These are all questions you need to think about when assessing insider email security threats.
In my opinion, there are a number of reasons why people on the inside might want to carry out such acts. Revenge would probably be at the top of the list; following a termination, redundancy or forced resignation, the employee may seek to ‘get his own back’ by leaking information, distributing a virus, or deleting emails from a shared mailbox they have access to.
Financial gain wouldn’t be far behind in the list of reasons; it involves a competitor engaging the employee to obtain information from the organization that would give the competitor an advantage over other companies (as such, they are essentially assisting the competitor in conducting industrial espionage).
Similarly, if the employee wanted to move to pastures new and start their own business, they would most likely have the intention of getting a head start by using the classified information they gained from their current employer.
In this case, reducing the insider threat requires a solution with three outbound controls: a content checking module that checks outbound email for certain keywords or phrases in the email subject, body or attached documents; an attachment checking module that blocks certain file types from leaving the organization’s email server; and a virus checking module that scans outbound emails.
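As an added illustration (not code from the original article or from any product), the sketch below shows the content and attachment checks described above applied to one outbound message. The keyword list, blocked extensions, function names and sample addresses are assumptions; the point it demonstrates is that text must be decoded (base64, line wraps) before keywords are matched.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values, chosen for illustration only.
KEYWORDS = ("trade secret", "source code", "confidential")
BLOCKED_EXTENSIONS = {".zip", ".exe", ".js", ".vbs"}

def _hits(text):
    """Keywords present in text, case-insensitive, whitespace collapsed."""
    flat = " ".join(text.lower().split())
    return [kw for kw in KEYWORDS if kw in flat]

def check_outbound(raw):
    """Return policy findings for one raw outbound message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = [f"subject:{kw}" for kw in _hits(str(msg.get("Subject", "")))]
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lower() in BLOCKED_EXTENSIONS:
            findings.append(f"blocked-type:{name}")
        if part.get_content_maintype() == "text":
            # get_content() undoes base64/quoted-printable before matching
            where = f"attachment:{name}" if name else "body"
            findings += [f"{where}:{kw}" for kw in _hits(part.get_content())]
    return findings

def verdict(raw):
    return "quarantine" if check_outbound(raw) else "deliver"

def build_sample(leaky):
    """Constructed sample messages (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "employee@corp.example"
    msg["To"] = "me@personal.example"
    msg["Subject"] = "Design docs" if leaky else "Lunch on Friday?"
    if not leaky:
        msg.set_content("Are you free at noon?")
        return msg.as_bytes()
    msg.set_content("Here is the source\ncode for the build.", cte="base64")
    msg.add_attachment(b"PK\x03\x04 constructed", maintype="application",
                       subtype="octet-stream", filename="design.ZIP")
    msg.add_attachment("Trade secret: pricing model", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(verdict(build_sample(True)), check_outbound(build_sample(True)))
```

Matching on file extension alone is easy to sidestep by renaming a file, so a production filter would also inspect file content and unpack archives.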
I have spoken to a number of IT managers in the industry who said they turned outbound scanning off “because of the additional load it was adding to my email server” and because “we honestly thought it could never happen to us”, only for one of them to have fallen victim to an insider email security breach following the resignation of a member of staff who attempted to send himself some design documents related to a proprietary piece of software that was being built in-house. This person was only caught because of a routine email check of the email archives after they had left the company.
The bottom line is that it is essential that we do not underestimate the need for an email security solution that can block or quarantine suspicious emails being sent from the inside. Such a solution, along with an effective and well-thought-out IT security policy and user education, offers a good starting level for 360-degree email security.