Wednesday, 19 June 2019

Outlook – Cloudy

Many believe that by migrating to O365, they are also protecting themselves from phishing attacks by using the latest tech. But it simply isn’t true.

We recently published an article relating to email and the evolution of cybercrime and another referring to the rising popularity of Microsoft’s Office 365 suite and the growing security risks associated with it.

We think carefully about the ideas we want to share with our readers and thought it a good idea to publish another piece that consolidated those two articles – not just to be smart but more as a reminder that progression, whilst usually a good thing, can sometimes mean that the more basic things are forgotten or no longer considered necessary.

The article about the evolution of cybercrime from carpet-bomb emails through to sophisticated, laser-targeted social engineering-fuelled attacks noted that the former had been somewhat reduced by the advancement of spam filters.

Old-school spam (nuisance and malicious) is still getting sent, though. If you have a Gmail/Microsoft Outlook.com (Hotmail) or other free online email account, your junk folder is likely still loaded with that crazy stuff if you want to go and have a look to feel a little nostalgic.

One of the reasons this type of mail can now be so easily identified is because the address or domain where the email has been sent from will quickly find its way onto a database of know offenders, be backlisted and sent straight to junk folders, if not entirely blocked.

But hang on, how did the sender get your email address in the first place?

Well with the free email accounts like Gmail, it’s obvious.

‘Bad guys’ know the domain name (address) ends with @gmail.com or .co.uk so they’ll have robot software spitting out emails with a series of prefixes like johnsmith, elvispresley, funkychicken etc. in the hope that the address is real and it gets through to a live account. It doesn’t matter if it’s not real as it’s not as if they’re having to buy a stamp for each one, is it?

It works much the same with businesses, but the email address suffix may not always be as obvious as gmail.com.

That said, you can usually tell from the company website URL and many businesses also publish the email addresses of individual members of staff, which in itself makes spamming and phishing a lot easier for hoodie-wearing ne’re do wells - AKA organised criminals.

But what about Office 365 (O365) and the growing popularity of migrating email to the cloud?

We’re right behind O365 and Microsoft’s efforts to make productivity, collaboration, remote working etc. easier and readily available to businesses to the point they are now being taken for granted.

However, whilst O365 is a powerful tool for all those reasons and more, when it comes to email security, it does not meet the requirements of most modern businesses.

Many people believe that by migrating to O365 for their email, they are also protecting themselves from spam, malware and phishing attacks because they are using the latest tech.

It simply isn’t true.

Think about it, if you were on Exchange before moving to the cloud…that didn’t come with advanced mail filtering, did it?

Sure, O365 comes with some basic filtering for types of unwanted email but it’s rudimentary and not really fit for business security needs. That’s why Microsoft provides its Advanced Threat Protection option at an additional (and fairly hefty) price for most of its O365 subscription levels. This in itself implies the basic level of protection is not enough and if you want to be safe, you must pay for it.

We’d agree with that but, whilst Microsoft are currently delivering some excellent products, they are not specialist experts in email security.

So why are basic levels of email filtering no longer enough? Put simply the attacks are now smarter than that level of software once again.

Most of the spamming domains and signatures that were being used are now long-recognised by legacy basic, modern levels of email filtering products. However, increasingly attackers are highly skilled at hiding or disguising the origin of their messages along with the reputation of the emails and sender domains. That’s why they are increasingly known as actors.

They are also using different reply-to addresses, non-malicious links and even “innocent” Word documents containing malicious instructions for users to carry out to help them get what they need to cause serious financial damage to individuals and businesses.

These messages and other sophisticated attacks are easily missed by basic or out-dated levels of protection and ‘free’ in-built security.

A recent Verizon report stated that well over 90% of cybercrime is now attempted via email because the attackers are leveraging the same changes that are driving businesses to migrate to cloud-based platforms like O365. Businesses are looking to drive down costs and minimise complexity which is leading to an overly simple and exposed security strategy.

It’s worryingly disproportionate that in research conducted by Vanson Bourne, 90% of global organisations have seen the volume of phishing attacks increase or stay the same over the last 12 months.

And yet other research suggests that the vast majority of businesses are spending less that 10% of their security budgets on protecting email.

All of this is telling us that, clearly, using O365 or suchlike is not enough if you want to be secure and, ultimately save your business £1000s after falling foul of an inevitable attack.

So, what’s the answer?

Simple, you employ a dedicated and modern email filtering service that sits between your email service and you.

These tools are far better at finding the more sophisticated types of attack sent via email and provide additional benefits to business such as email service continuity, encryption for added security and archiving if required.

They are also surprisingly affordable.

At Grant McGregor we can advise and provide a number of email security solutions to suit your needs.

For more information and detail click HERE or call the team on 0808 164 4142 today.