It All Starts With Phishing
Opinions on the percentage vary but the lowest we have seen is that 80% of successful Cyber Attacks leading to data loss last year started with a Phishing attack.
The usual controls adopted to manage Phishing threats are end user education combined with anti-virus software. Sadly, Education is necessary not sufficient, and neither is anti-virus software.
What is needed is a community based response to remove Phishing emails from users mail boxes before the email is even read. Which is exactly what is provided by our partner CoFense.
Email, Web and Document Threats
Two other channels that expose you to malware are email attachments and web downloads. A growing threat is malware delivered in email attachments as password protected zip files and malware in office documents. Upstream email filters and anti-virus do not usually detect encrypted zip file contents, polymorphic viruses or zero-day vulnerabilities and we have seen testing data suggesting that most AV software is at best 80% effective.
Our partner Opswat addresses these threats through trapping encrypted zip files and asking the end recipient for the password to allow it to be disarmed it also applies a unique approach to malware removal by identifying the “known good” parts of a file to allow through rather than relying on “known bad” signature checking which allows zero-day malware to escape detection.
Cloud, Office 365 and Mobile Devices
Microsoft have provided a very wide range of cyber security products and services ranging from an OWASP blocking Web Application Firewall on Azure through Security Centre, Policy enforcement, Information Classification and Labeling and DLP all the way to the new Sentinel product which aims to displace Splunk and Q-Radar from the SEIM on Cloud market and InTune, a highly integrated Mobile Device Management Solution.
Advanced Behavioral Profiling
Given that no security is 100%, malware and bad actors can be present on your network (you may even employ them) you should have an advanced AI solution monitoring your office, cloud, data center and Office 365 activity to learn behavioral characteristics and isolate devices that are behaving strangely automatically without the need for a Security Operations Team. We are proud to partner with DarkTrace for this service.
We have assembled a suite of software ‘TEKSecure’ that we can usually offer on a per month bundled price with installation and support which will truly make a difference to your organisation’s security in these challenging times.