Cisco Blogs
Share

How to Save a Billion Dollars


August 6, 2019 - 1 Comment

In my last blog, I examined the state of cybercrime, fraud, and the losses associated with it. It was also in that blog that I brought up a particular threat that has caused more than $1 billion dollars in losses last year and shows no signs of slowing down. So, what is this increasingly expensive and evolving threat?  Ransomware? Insider Threats? Nation-State Attacks?

Email. 

That’s right, the technology that was new and exciting in the 1990s that has now become a standard part of our day-to-day lives. But cybercrime is a business, and when you can make this much money this easily why would you change?  After all, every business has email so there’s no need to research if your potential victim is susceptible to the threat vector. In many ways, it’s the most ubiquitous of all potential attacks (except for DNS, as it’s so widely deployed). This is in part, one of the reasons email attacks remain an evergreen source of profit for cybercriminals.

After all, when there are so many new technologies, techniques, and threats rolling out onto the enterprise from shiny new areas like cloud and IoT, who wants to focus on the more mundane things like email? And yet, we continue to see threat actors target this legacy attack vector, with the FBI estimating losses of $1.4 billion in 2018 alone!

So now that we’re aware of how big of a target and money maker email is for cybercriminals, what do we do to defend ourselves? Well, it all starts with a shield dropped in front of your email in the form of the Secure Email Gateway (SEG). This shield helps identify and protect against phishing, ransomware, and fraud, as well as the classic spam and graymail.

Now some of you may have had SEGs deployed in the past and have since moved to a cloud email provider. As a result, you might think you don’t need them anymore. In fact, the 2019 CISO benchmark study showed the number of people using email security declined from 56% to 41% within the last 5 years. And this is a good example of where a lack of focus on current and continuing threat from email can be an issue. With any solution in the cloud, email or otherwise, it is important to bear in mind what the roles and responsibilities of the cloud provider and you, as the customer are. In a large number of cases, the cloud provider’s primary focus is on the scalability and availability of the platform, followed by the security of the platform and the infrastructure itself to ensure there are no breaches between tenants. The actual security of the customer data being held in the cloud remains a tertiary or in some cases unimportant concern for the cloud provider.

After all, we have all seen many examples of cloud databases or other sensitive customer data stores that have been left wide open because of enterprises failing to understand what the responsibility of the cloud provider is and what is their responsibility. As an example, GrayhatWarfare built a searchable database in 2018 of open S3 buckets that has already grown from its original number of 48,623 to 90,523!

Furthermore, our adversaries are continuing to ramp up their efforts. In the latest Cisco Cybersecurity Report, Talos threat researchers discovered that the number of new phishing domains has increased 64% from January through March 2019. It’s critical that if you are going to take advantage of the benefits of cloud email that you fully and completely understand what exactly you are getting in terms of security for your actual users. Ask difficult questions of your providers, do not accept vague assurances, and conduct detailed proof testing as you would for any other procurement decision. Remember that it is perfectly possible to move to a cloud email solution and also deploy additional SEGs to protect it. It’s not an either/or deployment model and you should evaluate your defense strategy on that basis. In a 2018 ESG study on email, 43% of existing cloud email users said they felt they needed to add supplementary security controls from a third-party.

In fact, Cisco’s email solutions have been designed from the ground up to be flexible in their deployment. Whether your needs are for an on-premise SEG, a cloud-based email solution, or to augment your existing cloud email providers security, the Cisco Email Security portfolio has you covered. This flexibility was just recognized in the recent Forrester wave report that called out this exact point when mentioning Cisco as a leader in securing email.

Furthermore, we recognize the challenges around understanding the effectiveness of your existing email solutions and have endeavored to make it easy for you to work with our technology and people to quantify your current solution’s capabilities and its risk. After all, as Sun Tzu said the 6th century BC, “If you know yourself and you know the enemy, you need not fear the result of a hundred battles.”  As true then as it is now for a company running a 90’s era technology like email alongside more modern-day network innovations like the cloud!

It is the realities of such hybrid technology deployments that drive us to leverage the latest developments within the email portfolio. Whether it’s encryption technologies such as DANE, spoofing protection from SPF/DMARC, or leveraging machine learning and artificial intelligence to prevent advanced phishing, Cisco is committed to meeting the challenge of securing email for today and the future.

In the next blog I’ll be going through some of these technologies and how they protect you, your employees, and your business. And if you’re looking for further reading on some of the latest attack techniques and trends associated with email security, I recommend you read the latest Email Cybersecurity Report.

 


Did this post resonate with you? Did your organization migrate to the cloud fully aware of the security capabilities within your solution? I welcome your comments below.

 



Leave a comment

We'd love to hear from you! Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.

1 Comments

  1. Excellent post Andrew! Interesting insight from Cisco Talos: in recent years, the proportion of easily exploitable vulnerabilities in the global CVE database have reduced dramatically, making users (and therefore email) increasingly popular as a target. No doubt we can thank the rise of DevSecOps as a secular trend for this outcome!