After coming across a New York Times article from earlier this year on ransomware attacks crippling cities and businesses, I thought it was time to revisit the cybersecurity threats facing customers and their intersection with what is still the number one business communication tool – email.
In reviewing Fortinet’s FortiGuard Labs’ threat research resources, including our partnership with global customers conducting threat assessments using our Cyber Threat Assessment Program (CTAP) for email security, some obvious (and not so obvious) findings become clear.
Among the most serious findings is the prediction that ransomware will be a hallmark challenge for the year ahead. Of course, no one can forget the scourge of notorious ransomware threats of the past several years that crippled networks, caused massive financial losses, and captured the headlines. For enterprises with tens of thousands of endpoints and thousands of applications and servers spread across hundreds of sites, these ransomware attacks had a devastating impact – ultimately costing organizations around the world billions of dollars. Ryuk is one of the latest ransomware threats to make headlines. What’s most interesting is how this exploit’s backdoor was delivered when a user first clicked on a link inside a phishing email.
But it’s not just ransomware that customers will face in the year ahead, but a myriad of other threats as well. This warning aligns with a significant increase in emails exploiting Coronavirus-related themes and social engineering tricks to achieve malicious objectives that have been recently observed by our FortiGuard Labs threat research teams. Whether it’s phishing scams, targeted malware, or a combination of both, one thing is consistent about all these attacks – the vast majority will be delivered straight to your inbox.
Now, more than ever, it’s critical to remember that email remains the number one threat vector in the world, and as a result, it needs to be properly secured.
Uncovering Risks with Fortinet’s CTAP
Of course, not all email security solutions are the same. Remember, only one user needs to click on a malicious email attachment that has managed to slip past an aging or inadequate secure email gateway to compromise your entire network. It is essential, therefore, to ensure that the secure email gateway solution you have in place is capable of meeting today’s security challenges.
There are two ways to determine if your secure email gateway solution is able to adequately defend your organization against the latest wave of phishing, spear phishing, and similar attacks, and if your security infrastructure is capable of protecting you from the ransomware and other malware that malicious email can drag into your network: You can either wait for a breach to occur, or you can run proactive validation tests to ensure that the tools you have in place are prepared to defend you against the latest most sophisticated threats.
The Fortinet Cyber Threat Assessment Program (CTAP) is designed to help organizations better understand their Security Risk by determining which application vulnerabilities are being used to attack the network, which malware/botnets may be in your environment, what phishing attacks are able to make it through existing defenses, and which devices are most “at risk.” It can also determine what productivity tools are being used, and how much bandwidth is being consumed by all of this. All of this data is then used to establish a security breach probability baseline for organizations, and then anonymously correlated with data collected from other organizations centrally to establish insights into global threat activities.
CTAP participants rely on Microsoft Exchange Online or Office 365 for their email today, and many already have some features or third-party products enabled for email security. But as you will see from the data we’ve collected at Fortinet – many may still be at risk.
The Rise of Email Threats
For the month of January, an analysis of our email assessments showed that organizations are still being overwhelmed with email messages that are spam or marketing newsletters. The bandwidth and productivity hit from this unwanted traffic is clear, and organizations are advised to take measures to get this back under control.
But where the statistics get most interesting are with the data collected about malicious or potentially risky emails and URLs that land in user mailboxes. And what’s most alarming about this data is that all of these customers already have some sort of email security in place.
Even after an organization’s existing email security solution did its best to filter out malicious or risky traffic, our email analytics found that 1 in 3,000 messages still contains malware, including ransomware. What’s more interesting is that 1 in 4,000 contain previously unknown malware. These are often advanced or zero-day threats, and maybe the latest ransomware variant – and why customers more than ever need to think beyond the rigid, signature-based approaches for protection used by most email security solutions, and incorporate sandbox technologies for email scanning.
Digging deeper, Fortinet also found that 1 in 6,000 emails contained suspicious URLs. While not all of these links may be associated with the distribution of malicious content, many of them could easily become a launching pad for a future ransomware campaign, or a phishing attempt to steal valuable credentials to gain access to an organization’s network and critical assets.
To put this into perspective, the average employee receives 121 emails per day. For an organization with 100 employees, this means that they will need to address 4 emails infected with malware, 3 infected with previously unknown malware, and 2 emails containing suspicious URL links every single day.
And this can be more difficult to address than it may seem. For example, brute force blocking of all suspicious or unknown URLs may create an uprising from end-users, or an IT support headache. Instead, organizations need to have next-generation isolation solutions in place to eliminate these risks.
FortiMail Stops Advanced Threats and Prevents Data Loss
Of course, to learn if your organization is vulnerable, you need to determine whether or not your existing email security solution is still effective as well as whether your existing vendor is able to adequately support your solution for maximum efficacy. That begins by simply signing up for a free threat assessment. This zero-impact analysis provides an executive-level summary report on your email security threat posture to help guide your security planning.
Whether your organization needs to upgrade their email security, or simply wants a more comprehensive and easier-to-manage solution, FortiMail provides the full range of advanced security protection, visibility, and interoperability that today’s organizations require. By combining FortiMail’s proven capabilities for anti-spam, virus protection, content disarm and reconstruction (CDR) with its Security Fabric-based integration with the FortiSandbox Advanced Threat Protection and FortiIsolator Browser Isolation solutions, Fortinet offers the right technical approach for addressing the full range of advanced and evolving email-based threats customers will face in 2020.
Sign-up now to start a free email assessment so you are prepared for the year ahead.
Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.