Channel players need to put on their consultant hats to protect businesses from cyberattacks, as email threats reach new levels of sophistication, says Gerry Tucker, Websense ANZ country manager.
In recent years, email security has taken a backseat to more advanced data breaches, but we expect threats to email to reach a new
level of sophistication and evasiveness in 2015.
New Zealand, while geographically removed from the rest of the world, will not be able to avoid these threats.
While spam volumes are decreasing, most users will begin to witness an increase in the amount of spam they receive in their inbox, because most email security measures will be incapable of detecting them in the cloud scrubbing prior to passing to a user’s inbox. This means there is an increased chance of malicious emails getting through to inboxes, leaving businesses and individuals potentially exposed to data theft and loss of IP.
What is more alarming is email threats are constantly evolving. Armed with new algorithms and evasion techniques, cybercriminals are testing the limits of current email security solutions.
Last August, in just one week, Netsafe received seven reports of a new type of crypto-ransomware virus affecting both home users and SMBs locally which typically originates from users clicking on an email attachment or link to an infected website. Some victims have received ransom demands of up to $3000. These threats will become more sophisticated, more evasive, and more insidious. Some emails may not even contain links to malware but lay the foundations for a more severe attack.
These are just attacks being reported to one organisation. We are aware of many more cases of crypto-ransomware in action right across the globe.
It is clearly something that is on the minds of New Zealand residents and businesses. According to Netsafe’s internal figures, the most visited article on its Security Central website is an article on dealing with CryptoLocker ransomware.
This is why traditional models of security such as firewalls, anti-malware software and signature-based methodologies are not enough to protect organisations from these new threats.
Channel players in the security space are now required to put on their consultant hats when they engage with customers on protecting their businesses from cyberattacks. Therefore, the channel need to work with vendors who deal in cybersecurity intelligence and understand threats across the kill chain in order to stave off cyberattacks.
Vendors who deal with cybersecurity intelligence are not only constantly monitoring new global threat models such as zero day threats and advanced persistent threats, but also understand how these attacks can impact businesses on a local level. It is this kind of insight that will be the most valuable to channel partners seeking to assist their business customers in warding off crippling cyberattacks that can potentially cause monetary loss and reputational damage.
If channel players really want to become effective security consultants to their business clients, they need to team up with sophisticated cybersecurity intelligence vendors who have their backs and provide them with the support they need.