Although most organizations have email security systems in place, malware infections through email are still commonplace. An Osterman Research White Paper found that over a 12 month period, 64% of surveyed organizations experienced malware infections through email and 22% experienced an accidental or malicious leak of sensitive or confidential data through email. It seems that organizations are lulled into a false sense of security, thinking that since they have antivirus and email security in place they are immune to email attacks. However it is not quite time to sit back and relax yet.
Here are three common email security myths debunked:
Myth #1: A Single Antivirus Solution is Sufficient
With the sheer number of new malware being introduced daily, combined with the speed at which email malware can spread, antivirus vendors are struggling to keep up. Antivirus vendors work hard to reduce the time between the moment when a new virus outbreak occurs and when their virus definitions can detect the virus, but nevertheless, a lag cannot be avoided. In order to evade detection, attackers try to create malware that makes use of known limitations in specific antivirus engines, leaving you exposed if you happen to use that particular antivirus vendor. If your organization is using only one anti-malware solution, you are leaving opportunities for malware to get through.
Myth #2: Our Email Security Solution Also Blocks Targeted Attacks
Email security solutions can block known spammers and phishers and can detect sender spoofing to identify a fraudulent sender trying to pose as a trusted sender. However, targeted attacks are assembled with more care and are sent to a limited number of organizations and individuals, making them harder to detect by traditional email security solutions. Targeted email attacks are usually sent in the form of a malicious attachment, with compressed files and Word files being frequent vectors. Since the malware is sent to only a small number of individuals, antivirus vendors would need to rely on sandboxing techniques, which can be costly to implement and are impractical for organizations to use globally due to the length of time it takes to complete a scan.
Myth #3: Our Employees Are Too Smart to Click on Dangerous Links or Attachments
The training and education of your employees is very important, but you cannot rely solely on your employees being able to tell the difference between a legitimate email and a targeted attack. Even if you train your employees, they can still be tempted to click on infected links or open email attachments if the emails are crafted well enough to look like legitimate messages; by gleaning information from social media sites, attackers can make fraudulent emails seem very legitimate, and even fool advanced, tech-savvy employees.
Even though these myths do not hold true, the good news is that there are solutions to defend against these threats!
Multi Anti-Malware Scanning and Document Sanitization
By using multiple anti-malware engines to scan email attachments, you will greatly increase the malware detection rate and reduce your exposure to a specific engine's limitations. Since each antivirus vendor addresses different threats with different lag times, using multiple antivirus engines will decrease the lag across all existing threats and significantly reduce the window during which your organization is vulnerable.
Many targeted attacks can be prevented by sanitizing email attachments and removing any embedded scripts or threats before they reach the recipient. For instance, by changing images and Word documents to a more secure format (ie. converting .docx to .pdf), any embedded threats are automatically removed from the file, defusing potential attacks.
By using an email security solution such as Red Earth's Policy Patrol Mail Security for Exchange, combined with the multi-scanning and document sanitization capabilities of Metascan, you can protect your organization against targeted and zero-day attacks, as well as significantly increasing your malware detection rate with reduced lag times overall.
