Senior Vice President and General Manager, Network Security Pat Calhoun is responsible for defining and executing ...
It’s remarkable how frequently I engage with a customer about how they are protecting their intellectual property and learn that email protection isn’t even part of their network security plans. It’s not that they are overlooking it, it’s that society now believes that email threats are ‘just spam,’ when the reality is that email continues to be a primary method for bad actors to initiate contact with consumers and employees.
In a recent discussion with a customer, I learned that one of their employees had connected to a fake hotspot and, thanks to the art of social engineering, was fooled into providing some of their colleagues’ email addresses in order to get free Internet access. What he didn’t know was that bad actors sent spear phishing emails to these colleagues, which then fooled them into downloading malware and unwittingly contributing to a network security breach.
What most people don’t realize is that email doesn’t just open the door to unsavory advertising – it is in fact a tried and true method used by hackers to circumvent your network security. In fact, McAfee just released its Quarterly Threats Report, which shows that malware growth in Q1 2012 is the highest it has been in the past four years. Further, while global spam levels are down, spear phishing continues to be a serious problem, with an average of 2,200 new phishing URLs per day – proof that threats are increasing in their sophistication. Botnet infections also continue to rise, with email being a primary means of luring unsuspecting victims.
So what does this mean to you? When you are looking at your security architecture, ensure that email is part of the picture. Don’t think of email threats as simply spam. Unfortunately, the lack of adequate email protection is a primary factor in the increase in threats worldwide. Ask your security vendor what they are doing to help protect your entire online environment – including email – and make sure they have made the necessary investment in network security to identify and protect your users and your corporate assets.