Article Written by Erik Brown, CTO at GigaTrust
Scientists recently
dispelled the myth that sharks attack humans because they mistake them for
other prey. In fact, sharks can see clearly below the murky waters. But,
it’s not as easy for victims of phishing attacks to see what’s lurking behind
an attached document or link within an email.
Email is the lifeblood of
communications for organizations around the world. Among the 296 billion emails
sent daily, there are dangerous emails lurking within. A successful email
attack can cost companies as much as $4 million per incident. In honor of Discovery Channel’s upcoming Shark Week, let’s
look at what these dangerous and misunderstood creatures can teach us about
email and document security.
Beware of Phishing Attacks: Phishing attacks use “bait” to catch their victims and can cause significant
damage. The 2016 DNC Hack, for example, was a pretty large bite: a
leak of 19,252 emails and 8,034 attachments. Like a good fisherman,
organizations should test their lines in advance by training their employees
and conducting mock attacks. To minimize the damage of a leak, a security system that enables encrypted email and secure document collaboration should be considered.
Know the Landscape: There
are over 400 species of sharks worldwide, and 2016 had a record number of shark
attacks and bites (107). Just as most beaches are safe, emails are a
common part of business and are generally benign. As vacationers flock to
beaches this summer, they should swim with confidence yet be aware of their
surroundings. Don’t venture into deep water alone, and use the buddy system to
keep track of your family and friends. Employees should send and read their
emails with confidence as well, and have the ability to secure critical (deep
water) emails sent both inside and outside the company. A secure collaboration system that
provides anyone-to-anyone secure document sharing can ensure that critical content
is protected from harmful attacks.
Confidential Documents are Blood in the Water: Sharks have a very acute
sense of smell and detect injured creatures from miles away. They prey on a
variety of sea life and their attack can be swift and vicious. Hackers send
phishing attacks across an entire organization and when they detect an entry
point, they pounce. When
employees email confidential documents, the sensitive information can fall prey
to these attacks and cause massive
damage. Enterprises can further improve security by encrypting confidential
information on disk (at rest), during communication (in transit), and while
viewing and editing (in use).
Just Keep Swimming: Some
species of sharks have
to move constantly to survive. Hackers are constantly
growing new teeth in the form of ever more sophisticated attacks, so IT
administrators should stay on top of the latest security news and threats. Applying security updates and evolving
enterprise systems will help stay ahead of possible attacks.
Analyze the Depths: A
shark’s body is supported by cartilage rather than bones, which helps it swim
comfortably at multiple depths of water. Security professionals can get
comfortable with the information they track, but hackers are swimming at
multiple depths. Look for ways to gather and analyze new types of data to help
detect malicious activities. Tracking the movement of and interaction with confidential
email and documents is one way to gain insight into behavior across an
organization. This and other behavior analytics can alert administrators to
suspicious activity when an attack is in progress or before it really begins.
Layers of Personalities: Recent studies have indicated that sharks can have
distinct personalities. Good fishermen know this. They ensure their bait and
tackle are ready; they know which type of bait will lure different fish or
sharks; they understand the strength of their lines and tackle. Enterprises also
need to be prepared to protect their employees and information, especially as
corporate data is increasingly accessed by remote employees and contractors on mobile
devices. It’s virtually impossible
for an enterprise to oversee the security and usage of every access point into
the enterprise, and breaches can happen when individual files are viewed or
shared. Adopting a layered security approach that considers different entry
points and scenarios provides broad protection for the organization. While
preventing attacks is the best option, be prepared to detect and respond to
possible attacks that your prevention systems might miss. If a hacker gains
access to critical internal systems, is the organization prepared? Is data secure and access restricted within
the corporate network?
IT
professionals navigate a sea of potential threats, and they never know when a
shark may be lurking just out of sight. The ideas presented here will help
enterprises prepare for the hackers (sharks) that may be swimming in their part
of the Internet.
## About the Author
Erik Brown joined GigaTrust in 2017 as Chief Technology Officer where he is responsible for the IT, engineering, and customer service functions. He has over 25 years’ experience working with new and emerging technologies, most recently with mobile development. Erik’s career includes technology positions in successful start-ups and Fortune 500 companies. He has worked as a developer, architect, and leader in mobile development, digital imaging, Internet search, and healthcare. He also brings his experience with patent development, and as a technical author and conference speaker to the company.
Prior to joining GigaTrust, Erik served as an Associate Vice President, Innovation and Delivery Services in Molina Healthcare’s IT department where he oversaw a team of 40 people focused on improving and standardizing the use of new technology. He spearheaded the development and deployment of Molina’s first mobile application for home-based assessments, and created an internal Incubator program for identifying and funding new ideas within the IT department. Erik also worked as Program Manager and Architect in Unisys Corporation’s Federal Systems group as well as at several successful start-up companies, including Transarc Corporation (purchased by IBM in 1994) and PictureVision, Inc. (purchased by Eastman Kodak in 2000).
Erik is the author of two well-received books on Windows Forms programming, and has spoken at numerous conferences including the 2014 mHealth Summit. He is a graduate of the Society for Information Management’s Regional Leadership Forum, and is a certified project manager and scrum master (PMP, PMI-RMP, CSM, and ITIL). Erik holds BS and MS degrees in Mathematics from Carnegie-Mellon University.