Security Market Segment LS
Friday, 30 August 2019 00:26

Email security architecture vulnerability to cybercriminals attacks needs reassessment Featured


Email remains one of the key attack vectors used by cybercriminals, leaving many organisations hugely vulnerable because they don’t have adequate protection in place, according to software company Wavelink, a distributor for security vendor Fortinet

And the latest industry data shows that 94% of malware was delivered by email, demonstrating what Wavelink says is the crucial importance of securing this business-critical function.

In fact, email scams cost Australian businesses more than $60 million in 2018 according to Scamwatch.

Ilan Rubin, managing director, Wavelink, said, “These attacks are both sophisticated and hard to detect, as they rely to a large extent on human error. The more protections organisations can put in place to secure email, the less likely they will be to fall victim to email-related cyberattacks.”

According to Wavelink moving to the cloud has delivered significant agility, flexibility, and financial benefits for organisations but it can also create risk if not properly secured.

The company says email has been caught up in the move to cloud, which makes sense considering the high storage requirements and relative maturity of email – however, this means that, sometimes, email security is getting lost in the shuffle.

Wavelink says organisations need to reassess their email security architecture, with key areas that need to be addressed including:

  • Attachment-based advanced threats: in these threats, users are tricked into clicking onto an attachment such as a fake invoice. Once launched, the attachment delivers malware into the network. Businesses require solutions that offer network sandboxing, and content disarm and reconstruction services.
  • URL-based threats: users are tricked into clicking onto a link that takes them to a spoof website where they’re told to enter their credentials. Once they do that, the cybercriminals have their username and password, which they can then use to access further parts of the network or essential accounts such as business banking or other mission-critical applications. Businesses need URL rewriting and time-of-click analysis, and web isolation services
  • Social engineering threats: cybercriminals are becoming increasingly good at impersonating colleagues and managers, instructing staff members to do things like purchase iTunes gift cards, change the payment details for key invoices, or transfer large sums of money to other accounts. Because the email seems so authentic, users often fall for them. To avoid this, businesses can benefit from display name spoof detection, domain-based message authentication, reporting and conformance on inbound email, lookalike domain detection, and anomaly detection.

“Organisations shouldn’t necessarily avoid moving their email infrastructure to the cloud. Instead, they just need to ensure that they’ve put the right protections in place to avoid falling victim to these scams and hacks,” said Rubin.

“It’s important to note that protecting against cyberthreats involves creating a series of rules that will need to be fine-tuned; and as a result users may notice some effects on performance. However, this is the price that organisations need to pay to avoid letting the cybercriminals win. It’s a constant battle in which some false positives are far preferable to the alternative, which is a data breach or compromised system.”


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments