Focus on 2015: Keeping pace with the evolution of spam
What will be the chief challenges for MSPs in 2015? Part two of a four-part series examines mail security. MAX Mail General Manager Eric Schwab tells Debbie Thomson that a longtime cyber-nuisance has graduated to a full-fledged threat.
New threats, for a rather obvious reason, pose a real problem: If you’re unaware they exist, you can’t prepare an adequate defense. But a threat that’s been in existence for years and grows more sinister over time can be equally dangerous.
Spam is no longer just a nuisance. Those days are long gone.
“We’ve transitioned from the old days, when spam was designed just to get people to buy things,” MAX Mail General Manager Eric Schwab says. “After that, email became a way to propagate malware, and that malware would turn your computer into part of a botnet used to send out large volumes of spam. Now, we’re seeing organized crime, governments, and other much more sophisticated players, using email-borne malware to extort money from people.
“I would say the pace is accelerating.”
And there’s no sign the evolution is slowing down. Schwab doesn’t foresee any “Got’cha!” moments in 2015. But email-borne and blended security threats are expected to continue over the next 12 months – and beyond. Managed service providers (MSPs) need to ensure their customers are aware and protected.
The chief concern with spam used to be a loss of productivity. But now there’s a much greater concern: Your company’s intellectual property could be held ransom – or leaked.
“If you study the more sophisticated attacks,” Schwab says, “there’s some evidence that the first entry point for the attacker was via email.”
Case in point: The network breach at Sony Pictures. It is an excellent example of the challenge mail security poses. According to Schwab, many people continue to think of security strictly in terms of keeping threats out. Security, however, is also about ensuring confidential information is kept private.
It’s a task that’s only growing tougher and more time-consuming. A successful approach today may not work next month, let alone next year. As Schwab says, cybercriminals have an inherent advantage – MSPs and their customers may successfully block 999 out of 1000 threats, but the attacker only needs to be right once.
Given the razor-thin margin for error, in 2015 MSPs need to evaluate a comprehensive security program. That includes email security in the cloud, antivirus protection on the server and on the client, and complementary solutions including web filtering to protect against threats that end-users may browse to as a result of a link in an email or may access through any number of other ways.
“There’s a growing awareness of security issues by both MSPs and their customers, although frequently the customers are not familiar with the breadth of options available as solutions,” Schwab says.
Schwab stresses the need for MSPs to teach their customers that email security in 2015 extends beyond merely spam and virus protection. Ensuring the integrity of the data is also essential. Email encryption is steadily gaining traction as a defense strategy. Even more importantly, customers may not realize the value of a tamper-proof email archive, which ensures that vital information within historical email communications is secured for a variety of reasons – for eDiscovery, compliance purposes, and intellectual property preservation. Email remains the primary method of business communication, according to the Radicati Group.
For the same reason, companies can ill afford to be without email. A comprehensive approach to email security must include a continuity plan that allows employees continued access to email if their primary email infrastructure is ever offline – whether due to an attack, a natural disaster, or simply a software or hardware failure.
There’s a “clear trend” away from on-premise email toward hosted services such as Google Apps and Office 365, Schwab says. Those services provide solid security, but with the sophistication of today’s threats, MSPs can increase the security posture of their customers by complementing the core hosting services with specialized tools that provide another layer of security, a continuity feature in case of any issues with the provider, an independent archive, and web filtering. With these capabilities in their product portfolio, MSPs gain additional lines of defense for the digital fight in 2015.
“It’s multi-vector and more sophisticated,” Schwab says of today’s cyber-attack strategy. “It’s not just about productivity loss. It’s about real security threats. It’s about real money.”