Below The Surface – S1E1
Below The Surface – S1E1
DARSHNA KAMANI [00:00:09] Hello and welcome to the first episode of Below the Surface. I’m your host, Darshna Kamani. And before we delve into our topic today, I would like to introduce you to my co-host, Stephanie. Welcome, Stephanie.
STEPHANIE CAVIGLIANO [00:00:22] Hey there, Darshana. And hello, everyone. Hey there. I’m your co-host, Stephanie Cavigliano, very excited to be here today.
DARSHNA KAMANI [00:00:31] “First choice”, Stephanie, are you ready?
STEPHANIE CAVIGLIANO [00:00:33] I sure am. And what an interesting show we have for you all today. So today we’re going to be speaking to Olesia Klevchuk, Product Marketing Manager at Barracuda who specialises in e-mail protection. So in a study recently carried out by Barracuda, we found that 82% of organisations based some e-mail security threat in the past 12 months. For 25% of organisations. These e-mail attacks costed them a hundred thousand dollars or more.
DARSHNA KAMANI [00:01:02] With e-mail being such a core communication part of businesses. It’s definitely an interesting topic and why we need to ensure that businesses are protected from such threats. So let’s bring in Olesia, so we can discuss the top e-mail threats that impact businesses and how to protect against them, as well as some of the latest threats that Barracuda has found. Welcome, Olesia.
OLESIA KLEVCHUK [00:01:23] Thanks team. Great to be here. And so excited to be our first guest.
STEPHANIE CAVIGLIANO [00:01:27] Thank you so much for joining us, Olesia. So I do want to quickly remind our audience to please submit any questions or comments to us by using the comments box. And we’ll do our best to answer any questions. Now, to kick things off, Olesia, would you tell us a little bit about yourself?
OLESIA KLEVCHUK [00:01:43] Sure. I’m a Product Marketing Manager at Baracoa. I look after our e-mail security products. I’ve been with Barracude for a couple of years now. And before that, I worked in e-mail security, brand protection and I.T. research.
DARSHNA KAMANI [00:01:58] Fantastic. It’s really great to have you join us. Emaill attacks definitely dominating these stories at the moment, especially in this current time when ost of us are remote working. Cyber criminals definitely follow the crowd. They’ve recently been seen stories of companies being breached, such as a big business email compromise scam in Norway. Can you tell us a bit more about this Olesia?
OLESIA KLEVCHUK [00:02:19] Sure. So Norway State Investment Fund has recently discovered that they have lost around 10 million dollars to a business email compromise attack. They are still trying to investigate as to what’s actually happened and how they came about to losing so much money. But it was it’s very clear that hackers have invested a lot of time into orchestrating this attack, setting this up and them executing that attack as well. So the way it’s actually happened is they managed to, attackers managed to penetrate North Funds network and were inside their environment for quite some time. How it’s happened? They’re trying to investigate and figure this out, but it’s most likely was some form of phishing e-mail. We know that breaches happen because of phishing attacks. Most of the time, that’s how most of the breaches take place. And once the hackers are inside their environments and that’s what happened to the law funds, well, they don’t actually start launching attacks right away very often. They have a very long game in mind and they spend a lot of time and reconnaissance. And that’s what they did. They they sat inside the networks learning and watching about the ins and outs of the businesses, what kind of deals they have in progress and waiting for the right time to launch the attack. And the right time did come North Fund was having a business dealing with a consulting firm that they were looking to provides loan for them. So at the right time, hackers impersonated one of the North Funds employees. They sent an e-mail to the right people that sounded very realistic, very authentic, having the knowledge, background, knowledge of all of the business that North Fund was doing with a Cambodian firm and asking them to make the transfer for the loan, for the 10 million dollars. They didn’t think of anything. They were expecting an e-mail like that. So they didn’t think much of that and they made the transfer. The hackers didn’t actually stop there. They know they’ve set it up pretty well because they went to the Cambodian firm and told them that their funds will be delayed because of COVID-19 and then ask them to sit tight and wait. So it took actually some time for them to discover the attack. And when the attack was discovered, unfortunately, it was already too late and the money were gone.
STEPHANIE CAVIGLIANO [00:04:54] Really interesting and quite scary, too. I might add. So how would you suggest companies protect themselves from something similar happening to them?
OLESIA KLEVCHUK [00:05:05] Yeah, there’s a number of steps that organisations can take. And, you know, first and foremost, you do need to have some form of phishing protection and spear phishing protection in place to protect yourself against the attacks like business email compromise or account takeover as well. And account takeover was a big part of this attack. They were obviously inside organisations accounts. So ability to not only prevent those attacks happening, but if they did happen, being able to identify that you have a hacker, you have somebody else inside your environment, being able to detect those and remediate very quickly. And of course, don’t forget the uses as well, educating your users, making sure that they’re able to recognise when attacks, what e-mails are genuine, what e-mails and not. What kind of behaviours they need to look out for. And then finally, you want to put in place some policies just to make sure that when you do have a very large money transfers, for example, that you have a policy in place to double check that. Is requests for 10 million wire transfer should only come through the email or should you have some other ways to go and double check that shows in person or having conversations, a lot of money to just to request by email.
STEPHANIE CAVIGLIANO [00:06:25] Yeah, it sure is. So how about given the current situation? A lot of us are working remote. It’s an unusual time for businesses, as we all know, as well as for individuals. Has it had an impact on e-mail scams? And what should organisations be paying attention to during this time?
OLESIA KLEVCHUK [00:06:43] Oh, yeah, for sure it did. We’ve been tracking spear fishing, attacks and all sorts of other e-mail threats over time. And what we’ve noticed is that there was a will spike in the number of phishing attacks, particularly those that using COVID 19 as a as a lure, as a kind of a trick to get the victims to either click on e-mail to respond to their attacks. So as we all went and started working from home and kind of March around March this year, I think that’s when most of the country started to shut down. That’s when we really saw the spike going up with those spike of over 600% of spear phishing attacks that were using COVID-19 either in the title or the context of the email. And those attacks were to begin with, they were mostly scamming attacks. They were looking to sell you face masks or cure or looking for various investments in potential and organisations that looking for vaccines and cures for COVID19. But with time, they started to become a little bit more complex. And even then we we’re seeing a number of more targeted attacks like business email compromise attacks or attacks that were impersonating well-known brands. We saw a lot of impersonation of World Health Organisation and CDC in the US. So those kind of organisations that you want to get information from, you think that they are legitimate, they want to communicate something to you that is important. And, you know, people are very distracted. They are working from home. They are very worried about their situations. And they when they receive an e-mail, they may not pay as much attention to it, especially if it’s about a topic that is top of mind for them, they’re less likely to think to think it through. And, you know, also because we are all at home, because we’re all working on our very often and the mobile devices, we are checking out emails on the computers as well as mobile phones. And we’re also using our work devices, probably for personal reasons, a bit more than usual, because, again, we kind of blending this work and home home environment together. So there’s a lot more opportunities for hackers to really monetise on this event. And it’s not unusual for them to do that. Every year during hurricane season, we see spikes in hurricane related the tax in the US. So this is just something that organisations need to be aware of, that there is a heightened security risk when it comes with events like this, and particularly when so many of us are remote and the home.
DARSHNA KAMANI [00:09:44] It’s definetly scary times and hard to always detect, but it seems to be a growing problem. Now according to a report by Verizon, they recently found that credential theft social attacks are the cause of the majority of breaches. I think they said around 67% or more. Do you agree with this? And is this what we see as well in Barracuda?
OLESIA KLEVCHUK [00:10:04] Yeah. Verizon report had really had three main focuses. And it was really kind of found three trends that contributing to security breaches within the organisation of social attacks. Like you mentioned, business email compromise, one of them credentials theft and that’s a lot has to do with account takeovers when somebody takes over your account and able to steal your log in information and just simple arrows on behalf of individuals. When we start looking a look first of the social engineering attacks, like, sure, we see a very steady growth of those over time. Hackers are constantly evolving, also, “the attacks we saw this time” last year very different to the types that we see today. It’s not all about malware anymore. It’s used to be most of the attacks would have killed, actually messed with. I still have malware within them, but they’re most effective attacks are those that use social engineering tactics. And that’s why that’s kind of the fastest growing segment of that tax. Credential theft is usually very often a by-product of those attacks, not always, but a lot of the time hackers will use social engineering tactics to steal log in credentials so they can get inside those accounts, which are incredibly valuable for them. And because of that, we see the growth in that credential theft and the counter takeover as well, that there are many ways to steal credentials. But phishing is by far the most common ones, and they’ll steal it. And sometimes they sell it. Sometimes they use it for their own purposes as well. And then finally there just the human error and the human error has been there. Last year has been there. Five years ago, “and it will continue” being there. And that’s the best way forward against human error is continue to educate people what they should be paying attention to, but accidental deletion of data and accidental loss of data that’s happened. So having and having policies in place that prevents that valuable data leaving the organisation, or if it did leave the organisation, whether that’s for erroneous reasons or malicious reasons, you have an ability to restore that data and that information very quickly and recover and continue working without losing too much productivity.
STEPHANIE CAVIGLIANO [00:12:33] So this brings us really nicely to something that Barracuda recently released, which is an e-book on the 13 e-mail threat types. Now, before we get there, I do want you to tell us, Olesia, some of the basics of e-mail as just a general threat vector. Why should organisations really care about the main issues that this causes?
OLESIA KLEVCHUK [00:12:52] Yeah. E-mail is a number one threat faactor and we talked about this earlier with numerous examples of how email was used as a way to get inside their organisation than to say majority of data breaches start with an email attack is almost like an underestimation of that. Almost every single data breach will start with an email attack and a vast majority of those attacks are phishing attacks as well. And especially now we’ve talked about how we all working from home and with the rise of COVID 19 related attacks. You know, this is becoming a more over kind of a favourite tactic of hackers to get inside their organisations. The reason why e-mail is particularly important is that hackers are always looking for an entry point inside into your organisation. And breaching a network sometimes can be really hard for them. But the email is seems to be an easy way in. You know, we always have millions emails every day. There’s millions of emails being exchanged between or between individuals within the organisation as well as those coming from outside the organisation. From you partners, from your customers. And one of them is might be an illegitimates email, might be hacking email, and that’s something that people expect to get, they expect to get an email. And because they expect to get that. And hackers are using it as a way into their organisation, all they need is to design a clever enough e-mail or enough number in terms of volume to be able sooner or later to get in. They only need one person within their organisation to fall for that attack to have a way in. We also use our mobile devices a lot more than we did before. And it’s a lot more difficult to verify on a mobile device, whether your e-mail that’s coming from a person who you are actually expecting it to come from. There is a lot less information that is available for you on a mobile device, to check and validate the identity of the individual or the organisation that you expect the email to come from. And email data is just very, very valuable. Just getting access into the email is incredibly viable for hackers. Just think about it. You know, we all use our inboxes not just to communicate with each other, but sometimes even to store information. I get a lot of information coming into my, you know into my inbox, and very often I just keep it there. And very often I’ll just search through my inbox for specific files or documents. Some of those documents for some organisations and for some departments could be incredibly sensitive and valuable. So getting access to your email gives you access to the data. If organisation also has an Office 365 accounts in place. It gives you access to Sharepoint and One Drive, so vast amounts of data, vast amounts of information that the hackers can go and pass through and steal and use to their own advantage is.
DARSHNA KAMANI [00:16:07] I mean, I know I definitely use my e-mails to store the information that comes in just like you, Olesia. So as you mentioned, Barracuda highlighted that in email threat types. Could you run down some of those threats? And you know what? What are we seeing? And do organisations need to cover for all 13 of those areas?
OLESIA KLEVCHUK [00:16:28] Yeah. So resurgence of Barracuda have looked at all various types of threats across the different, of course, all customers that we have today. And we’ve researched them. Look them. And we we’ve done this with the thought of categorising them into various groups and types of threat. So we came up with a 13 threat types and they are by no means distinct, sometimes they do overlap. And hackers very often use multiple tactics and multiple types of attacks in a single attack like we saw, for example, with “an orphan”, example, earlier on that was a business email compromise attack those on account takeover those probably some form of phishing attack to begin with. So there was a number of different tactics used. And we’ve put them on to a spectrum from a more complex type of attacks. On one hand, such as spam and malware and and a more targeted and the complex attacks that more of impersonation type of attacks, such as business email compromising account takeover. And those attacks, they’re a lot more difficult to detect. So those attacks are that’s on the right spectrum are very hard to detect with the traditional gateways compared to the ones on the left. The traditional gateways are pretty effective at spotting, detecting and blocking from entering within the organisation. So if we take an example of how some of these attacks might unfold or how they all work together, so let’s say you get something like an impersonation, service impersonation attack. You know, it’s an attack, you get an email that appears to come from Office 365 or from Microsoft, it’s ask you to check your activity. There’s some check your password, check your recent activity, something like this. You’ll click on the link. It will take you to a lock in page, which will look very legitimate and very carefully designed Web page. Very often it’s not going to get detected by the gateways because the email from which that’s attack is coming from, it’s not been used in the phishing attacks before. Sometimes they might use emails, mail services such as gmail to have a very high reputation. So we’ll let through the reason, while the link is not going to get detected is because that link has only been “alive” for a short period of time. It’s never been used before in the phishing attacks, so there is no real intelligence behind that will trigger a gateway to think that this is a malicious link or malicious e-mail. Once you enter your log in details and might lead you to an account takeover. And you know, it goes through various stages of hacker learning about your organisation, understanding how what you’re doing, who you’re communicating with, who’s who within their organisation, looking for any business deals that might be happening at this moment that they can really use to start monetising. And once they start to monetise, they looking at to launch additional attacks, such as business email compromise, which is requesting wire transfers, for example, and so forth. And a lot of the time, the business email compromise attacks. They are not always part of their account takeover, but sometimes they can be, but they are incredibly effective in the way that they lead to those wire transfers. You know, we see this, but 7% of all the spear phishing attacks that we see today are actually business email compromise attacks. And although there might be appear to be small in numbers, they lead to around 1.7 billion dollars in losses, according to FBI. So those attacks are very effective and they might appear to be very not much in the nature and very kind of scammy appearing. But they just asking you, are you at your desk? Do you have a moment? Can you do a favour for me? But they’re looking to establish that trust for to get to the top of the wire transfer later on. And a lot of the time they are effective. Otherwise, hackers wouldn’t be using them in the way they do.
STEPHANIE CAVIGLIANO [00:21:11] So what are the specific impacts of these different threat types on organisations?
OLESIA KLEVCHUK [00:21:18] They impact very much depends on the type of attack that we see. So, for example, with the spam, something on, kinda on the left hand of a spectrum. It’s really just about the lose of productivity. Just the general in the way. So if you’re getting a lot of spam in your inbox, your legitimate emails, the emails, do you need to pay attention? You can really have an impact on your productivity. You can’t really find those e-mails they are looking for. You also will struggle to you know, your mail service will might struggle with the volume of e-mail that is getting into your organisation as well. So spam is very high volume attacks. So about 50% of all emails out there spam. So, you know, all of a sudden you’re getting bombarded by thousands and thousands of emails. You know, it slows down the performance of your mailbox. Spear phishing, on the other hand, they generally to monetary losses. So the attackers will invest a lot of time and a lot of efforts into designing those attacks and researching those victims. So they want a big payout of some kind. So it could range from hundreds of dollars to millions and millions of dollars as well. So we’ve already looked at an example of business email compromise and how one of those attacks might unfold. But one of the attacks that we actually start seeing a lot of is conversation hijacking. And that’s kind of like a spin of some kind on business email compromise. It’s hackers impersonating usually either a vendor or partner of some kind that you would usually have some form of business dealing. Maybe you’ve been exchanging invoice details with them over the past months. Maybe this is kind of a regular conversation that you have. You know, your vendor sends you an invoice every month and every month you approve it and then the another invoice and then they approve it again. And then, you know, one day the vendor sends you an invoice and says, hey, by the way, I need you to check my account details. And you don’t think much of it because that’s a pretty standard thing to do. Of course, account details can change sometimes. Change account details and you wire the money. Unfortunately, that last e-mail came not from your vendor, but from the hacker who have hijacked the conversation, insert themselves at the right time, provided with a new account details, and wired the money into a fraudulent account. By the time the organisation came to realise. Sometimes that can be too late to do anything about this. It’s a real big problem, especially in some industries. If you think about real estate, for example, you are looking to close on your house. You’ve got your thousands and thousands and thousands of dollars that you have saved or euros, whichever amount, whichever currency you’re saving in. And in your bank account ready to buy that house that you were looking for for so long. And then, you know, your real estate agent says here’s the account details. You wire the money in the money gone. And it’s a big, big problem. And it’s very important to have access to it, to be able to block this kind of attacks. So overall cost of data breaches organisations, our estimates, it’s in in millions and millions. And unfortunately, no one is safe. And you know, to be as safe as you can against these attacks you really need to invest in this multilayered e-mail protection, not just in the ability to filter through e-mail, but additional layers and education and more kind of A.I based technologies as well.
DARSHNA KAMANI [00:25:07] And now these attacks are happening every day. And in fact, our research has recently discovered a new tactic used by attackers, which was the form based attacks. Can you tell us more about this attack and what we found and how do they fit within the 13 threat types?
OLESIA KLEVCHUK [00:25:21] Sure. Form based attacks is a type of attack that we have discovered over the past, it’s been around for probably sometime, but we started tracking it over the past few months. It’s a type of impersonation attack that hackers are using, trying to impersonate either an employee or very often a service of some kind. It’s usually a productivity or file sharing site. Think about like Google storage site, One Drive. The idea behind this attack is that they will leverage those legitimate sites and they will send links to those legitimate sites and the documents posted within those legitimate sites and they email asking the victims to do something like verify their account details or download documents and so forth. So the idea is that they are looking to steal credentials, eventually log in credentials from these attacks, the individual will log in, will follow the link that will take them to legitimate sites such as One Drive, and then it will take them on to a different Web site where they will enter the volunteer with their log in credentiall. The difficulty with a form based attacks, because the link included in the email actually leads to a legitimate site. It’s not blocked even if it’s scaned by link protection or your “all” protection type of technology, it’s not blocked. So it’s a very effective way of tricking somebody into disclosing information.
STEPHANIE CAVIGLIANO [00:27:07] So I’d love to see an example of one of these. Can you give an example of how these attacks unfold so we can see exactly what it is that makes them so difficult to detect?
OLESIA KLEVCHUK [00:27:16] Yeah, of course there is. So here’s an example for you. It’s really very often starts with just an email. The email will ask in this particular email, it’s asking you to follow the link, to confirm some information. And once you follow the link, it will take you to the form. And that particular form is hosted on the forms’ office website, which is a perfectly legitimate website. But they hackers are designed that to look like as if it’s a log in page to be even included, a logo for an organisation there that they’re trying to impersonate. They’ve asked you to answer some information like a password and your user name as well. And once you do that, hackers, you’re just filling in a form. You know, you think you’re logging in, but you are just filling in the form and hackers have had the logging information now and they can use it. So it’s not really a phishing website, per se. But they have used services provided by organisations such as Microsoft like this forms.office to turn it into a fishing site for themselves. And that’s really difficult for just standard filtering technology to detect this. And there are various variations on this type of attack. Sometimes he gets an email from a One Drive asking you to follow the link to download the documents you follow, the link and takes it to the One Drive where you have another link that says, here’s click this link to safely download documents and you check and says, One Drive on the url. You click on the link and then it takes you to a phishing or malicious site. So again, because it takes you on this loops, it takes you through this number of different sides before you eventually get to malicious sites. You already outside the women’s organisations kind of email security controls to might prevent you to lead to the phishing site. So hackers are really getting smarter in the tactics and the way they are trying to trick users.
DARSHNA KAMANI [00:29:35] So like you said, it’s difficult to spot. It’s, you know, that it will mix legitimate. So then how do organisations stay protected? What are the best technologies organisations can use to protect against such threats?
OLESIA KLEVCHUK [00:29:51] So there are really two types of technologies that exist when it comes to protecting organisations. Most organisations in place today will have an email gateway of some kind. This is what they have had said, it’s a technology that is a filtering technology that sits between your mail server and your inbox and the Internet. So you have emails as they come in, they go through your email gateway. And if the email gateway decides that it’s a legitimate email, it allows for it to be delivered into your mail server. It works really, really good for things like spam and malware and as well as outbound e-mail. So we need information that will be leaving the organisation as well, filter those. Even things like zero day attacks, technologists like SandBox, for example, will see that that gateway level and look at any malware that may have never seen before open those suspicious attachments in controlled environments and see if it behaves in the way they shouldn’t be behaving. And if it has a malicious code within that and then block delivery of that attachment. So it works really, really well for emails that have a malicious payload or intent or, you know, they are behaving maliciously in one way or the other. The challenge starts when we start running into the spear phishing attacks and those attacks are designed to bypass the e-mail gateways that the whole way that hackers go about, they they know what the filters are. They know what the security is like within their organisation. So they’ve designed spearfishing attacks. They use social engineering tactics to go bypass the gateway. And that’s why you need protection beyond the gateway not just that the gateway level. And that beyond the gateway protection is what we call an API based in box defence. It’s a technology that integrates directly with users inboxes. And it has a visibility into both internal communications. So anything that happens internally within email sent internally within the organisation, but it also has visibility into historical data. It’s then uses that historical communication to create a sort of statistical model that represents how each individual within the organisation communicates and what kind of emails they sent around. What’s normal communication looks like, what kind of email you you’re expected to get from outside the organisation, from whom and so forth. And that is a way more effective way of detecting abnormal behaviour of normal emails, which very often would mean that these are attacks and malicious emails then gateways at the entry points. At the same time, it’s not a question which one you have, do have a gateway? Would you have an inbox defence solution? You really need to have both to protect against those 13 threats.
STEPHANIE CAVIGLIANO [00:33:05] Okay. So you need both “…”. Can you maybe break things on first? Let’s start with what are the pros and cons of gateway protection.
OLESIA KLEVCHUK [00:33:17] Yeah. The gateway, as I mentioned earlier, its biggest pro is that it blocks emails from actually entering the mailbox. So it’s really good for the high volume attack. So if you think about all of those malware and spam that would otherwise come in and flood your mail service and your inboxes, it really because it blocks those messages before they reach your e-mail server, it has no impact on your performance, your e-mail performance and that’s what we are we’re aiming for here. It’s also technology that’s been around for a quite some time. So the spam filter is a very good today. Signature based protection against malware is very good today. And then also the outbound filtering is something that you do need in place to prevent any malicious or accidental loss of data. As well as for many industries and organisations to stay compliant with how they sent information, personal information, for example, outside of their organization. The disadvantages of email gateway is that when attacks that are highly targeted are able to bypass those those filters, they are able to, they are designed to get around them because they are in the smaller volume. They’re highly targeted attacks. They are designed to get through and land in users in inboxes. Sspecially those when they don’t have anything malicious about those attacks. This kind of overreliance on policies and rules is an advantage to some types of attacks when it comes to gateways like spam and malware. But It’s a real downfall when it comes to what targets attacks like spear phishing.
DARSHNA KAMANI [00:35:15] Okay, so we’ve talked about the gateway protection, the pros and cons, so then how is API based inbox defence implemented and what attacks can be block?
OLESIA KLEVCHUK [00:35:26] Yes, the API inbox defence works differently from the gateway, and that’s kind of a perfect add on or, you know, in addition to your email gateway to make it to make your security complete. The API integrates directly with your inbox. It’s because it gets access to that internal and historical data. It’s uses that data to train the A.I. and create that statistical model about how each individual within their organisation, each individual within their organisation can talks and how they communicate with home. So if you if you think of an example like, you know, who do I usually send an email from? What business applications usually will send emails to me? Do I usually ask for wire transfers? Does the CEO within the organisation usually ask for the wire transfers? Do they usually share emails or certain information internally? What are the relationships like within different between different individuals within the organisation? So it’s basically looking what’s normal communication looks like, who’s talking to whom and how. And because in those understands who’s talking with whom and created this social graph about each individual, it’s able to identify when abnormal communication takes place. Something odd happens and email from an individual that comes from a wrong email address, for example, that’s never been used before. Or and then the unusual link being shared or even an unusual request that’s been made. So as you would take an example of business email compromise, that’s your CEO usually ask for wire transfers. That’s what the A.I. model will look like. Look for, does it usually sign, though, she sends an email from gmail accounts? That’s another thing that might trigger it. How does he usually sign his name? Does he say Matt or Matthew? You know all of those things may will be taken into account when the A.I. is looking for the impersonation attempt. So you feel similarly on that kind of on the round of service impersonation side. The A.I. is really relying on the historical knowledge of what the means the usually are being used by Office 365 and Microsoft. You know they have a lot of different the means by which a normal ones in which mean may look unusual. So there are a lot of different variables, as you can probably gather, that goes into that model. And of course, you can take your gateway and you can configure it to that extent as well. And you can configure all the rules and policies. However, it’s just not scalable. It will either produce a very large number of false positives and false negatives when the emails starts coming in. Or you will have to limit that protection for just a few individuals within the organisation so that you’re able to not only create all of those rules and policies and customize it to all of those individuals, but also able to manage it over time. And there are some attacks that you just cannot do anything when it comes to account takeover, when it comes to email gateways. Account takeover is being one of them. Account takeover is something that takes place inside their organisation. Email gateways is a completely blind to those. You already have a hacker inside the organisation. Email Gateways cannot see what’s happening inside because they sit at your perimeter and outside of your organisation. The disadvantages of API based inbox defences basically those are advantages of email gateway and that’s why they complement each other so well. It does allow for the email to actually be delivered into the inbox. So if you use just the API inbox defence to protect against all attacks, you know, you might get an impact on the performance of your inboxes because spam malware will first have to be delivered to the inbox and before it’s instantaneously being pulled out of your mailbox but it will have a negative impact on the performance.
STEPHANIE CAVIGLIANO [00:39:56] Thanks for breaking that down for us, Olesia, it makes sense that you would need a a highly sophisticated solution for those highly sophisticated attack types. So before we sign off here today, we know e-mail threats are going to evolve and change as time progresses, just like they always have been. So what strategies would you suggest organisations that they can implement so they stay on top of those increasing risks?
OLESIA KLEVCHUK [00:40:21] There’s a couple of things that you can definitely do. First, this, we encourage you to go and download that e-book. I’ve talked about a few examples from our e-book, but if you go in barracuda.com it’s right there on the home page, you can download and go through a lot of other detail about all 13 threads, why they’re happening? how they work? Why some types of protection are better than others when it comes to these threats. And once you have that knowledge in place, try to identify what kind of gaps you might have in your email security. Did you have a good gateway in place to have a good outbound protection in place? Do you have an API based inbox defence? Are you fully covered when it comes to detecting blocking this attacks? And then also just don’t stop at the technology pointy. It’s not just about the technology. You need to make sure that you educate to use this as well, Because unfortunately, no e-mail security is 100% effective, 100% of the time. So sometimes something will get through sooner or later. And having a well educated, well-trained staff within your organisation can go a very long way in protecting against these attacks. And once you’ve trained them and they’ll start reporting all these attacks to you, you need to have a very fast response. So automating your incident response is also something that you want to make sure that you layer on top of your email security so that you’re able to detect those attacks, your staff will be able to report those attacks and then you’re able to respond to any of that might have gone through really quickly before it spreads across the organisation and causes damage to your businesses. So make sure you have all the layers of protection in place. You have response. You have remediation in place as well as just detection and protection.
STEPHANIE CAVIGLIANO [00:42:27] Some great tips. Well, Olesia, thank you so much for joining us today. Thanks for all of the information that you provided on these types of e-mail threats and what organisations can do and the strategies that they can implement to protect themselves from them.
DARSHNA KAMANI [00:42:41] Yes. Thanks so much, Olesia. And thank you all for joining us for our first episode of Below the Surface. Hope you enjoyed it. Don’t forget to go to barracuda.com to download your free copy of the e-book that was discussed today. Until next time. Have a safe journey.