Spear phishing is the new frontline in the battle to protect enterprise systems and data. As security scanning or gateway security services like ours have made it hard for traditional spam or phishing attacks to target businesses, the offenders are now moving towards spear phishing.
Spear phishing is a targeted attack using embedded malicious links in an email that appears to come from a trusted individual or organization. Once a link is clicked, the organization’s security is compromised when the user is tricked into giving away sensitive credentials or is taken to a site that exposes their systems to malware. These emails are often created following social engineering reconnaissance that helps to make them look legitimate.
The rise in targeted attacks is linked to a broadly acknowledged principle defined by IT teams – that users are the weakest security link in a company’s network. IT teams work hard to block the majority of external attacks at the email gateway but an innocent click from an email to an infected site can undermine all this work. Even those with traditional web scanning in place may not be safe if the link is accessed from a mobile or personal device.
To combat this threat, we’ve announced Targeted Threat Protection. The new service scans all URLs in inbound emails every time they are clicked by the user, even if it’s through mobile devices not provided by the employer. This is done for all links in every email whether the sender is ‘known’ or not. The user has peace of mind knowing all links clicked on in email are protected, and if the link is safe there’s no interruption to how they work – the site will open as normal in the browser.
However, if they do click on something malicious, Mimecast will block access to the site, let them know and give them options on what to do next based on their security profile set by the IT team.
Wholesale URL protection of this kind is safer and more effective than attempting to detect a single phishing email, and it recognizes that links can start safe but be compromised at a later date. Links in emails are scanned every time they are clicked to ensure they are safe – not just the first time.
For IT and security teams, this new service protects the organization whether users are in the office or not, something on-premise security options struggle to offer. They also have peace of mind that the cost of the service is easy to predict as it’s licensed per user and not per device.
In addition, no extra resources are needed to implement the service – it doesn’t require installation on devices or changes to end users’ browser proxy configurations.
It’s controlled from a single Administration Console alongside other Mimecast services, which provides full visibility of blocked links and sites to assist administrators with ongoing threat management, reporting and any end-user education designed to reduce future risky online behavior. This information is accessible through an easy-to-use search log which can answer complex queries such as ‘show me users who clicked bad links yesterday’. Administrators can use this data to set different policies per end user based on their security profile, e.g. block outright any at-risk site or offer a warning page to alert more informed users.
The threats to an end user’s inbox are constantly changing and have moved far beyond the daily barrage of spam and virus content on their work desktop. We have to protect their work and personal desktop, laptop, tablet and smartphone, as today they use them all for accessing enterprise email. With next generation services like Mimecast’s Targeted Threat Protection, companies can stay ahead of increasingly sophisticated attacks without increasing the workload of IT teams.
If you’d like to talk to Mimecast in person about the email security threats and how our services can protect you and your company, we’ll be attending Infosecurity Europe this week at stand F86 – if you’re in London and attending do drop in.