Intelligent CXO Issue 14 | Page 23

ED WILLIAMS, EMEA DIRECTOR OF TRUSTWAVE SPIDERLABS
EDITOR’S QUESTION

Some of the most significant threats organisations face come in through email as it has a number of advantages as an effective attack vector for hackers, enabling them to surreptitiously launch threats such as spam, malware, phishing attacks, Business Email Compromise, account takeover and ransomware. End users receive email messages whether they like it or not and email can be easily spoofed to appear legitimate.

Trustwave’s own 2021 Email Threat Report found that in 2020 the proportion of malicious attachments in spam increased, with widely used Microsoft documents, namely Word and Excel, being the most common way attackers delivered malware through email. What’s more, Business Email Compromise (BEC) scams had continued to have a significant impact on organisations.

Most recently, our research team discovered threat actors appending malicious files to an unsuspecting file format to evade detection and deliver info stealer Vidar malware to the user.

No matter the size of your organisation, protecting your email environment should be one of your top priorities. In order to protect the email attack surface there are a number of measures organisations can take.

Firstly, keep software updated. Many email attacks succeed because of unpatched client software so keeping programmes, like Adobe Reader, fully patched is important. Ensure that good security practices like Multi-Factor Authentication (MFA) and robust passwords are applied to email SaaS implementations. If appropriate, we’d also recommend that antispoofing best practices are applied.

Secondly, deploy an email security gateway to check potentially malicious or phishing links coming into corporate inboxes. Implementing software to catch malicious emails before they even reach employees is a very helpful and effective preventative measure.

Lastly, educate your users. Cybercriminals are masters of social engineering and their emails are becoming more believable by the day.

It’s vital that organisations inform their employees on the nature of today’s email attacks to ensure they have their wits about them and know what to do should they find a suspicious email lurking in their inbox. To take this a step further, conducting mock phishing exercises against your staff helps to demonstrate just how real the threat is while also highlighting how legitimate the emails can seem.