HackDig : Dig high-quality web security articles for hacker

Why Your Advanced Spam Filter Isn't Enough

2016-03-29 12:30
<p><a href="http://blog.phishlabs.com/hubfs/blog-files/03-29-2016-Phishlabs-Blog-Infographic.jpg"><img alt="heading.jpg" src="http://info.phishlabs.com/hubfs/blog-files/3.29.2016_blog_Spam_filter_not_enough/heading.jpg" style="width: 320px; margin: 0px 0px 10px 10px; float: right;" title="heading.jpg" width="320"></a></p> <p>Advanced spam filters are a wonderful thing. Don’t get me wrong. But they aren’t enough to protect your organization from a phishing attack. If you’ve heard it once, then you’ve heard it a million times, it takes just <em>one employee</em> to click a malicious link or download an infected document to give your IT Support a headache or, much worse, cause a data breach. &nbsp;</p> <p>According to <a href="http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf">The Radicati Group</a>, a technology market research firm, 112.5 billion business emails are sent every day. There are approximately 1.08 billion corporate email accounts worldwide, meaning that each account is sent an estimated 104 emails each day<sup>1</sup>. According to research by Symantec, <a href="https://www.symantec.com/security_response/publications/monthlythreatreport.jsp">53.2 percent of emails are spam</a><sup>2</sup>. Based on this, the average business email account is sent 55.3 spam emails every day. &nbsp;&nbsp;</p> <p><a href="http://blog.phishlabs.com/hubfs/blog-files/03-29-2016-Phishlabs-Blog-Infographic.jpg"><img alt="1.08_billion.jpg" src="http://info.phishlabs.com/hubfs/blog-files/3.29.2016_blog_Spam_filter_not_enough/1.08_billion.jpg" style="width: 525px;" title="1.08_billion.jpg" width="525"></a></p> <p>Extrapolating further, if an organization has 5,000 employees they would receive an estimated 276,500 spam emails each day. Let’s assume this company has an email security gateway or anti-spam filter in place that its manufacturer claims will block 99 percent of spam. Assuming that’s the actual performance <em>(that’s iffy, I know)</em>, 2,765 of those 276,500 spam emails will land in user inboxes unimpeded.</p> <p>If 1.5 percent of spam emails contain malware (as research suggests<sup>2</sup>), that 5,000 employee organization would be exposed to an estimated 41 malicious emails every day. That’s more than 1,200 malicious emails every month that make it past spam filters and email security gateways to deliver ransomware, Trojans, and other malware into user inboxes. And that doesn’t even include phishing attacks that don’t deliver malware (like <a href="http://blog.phishlabs.com/scammers_up_their_game_with_new_bec_attacks_blog">business email compromise</a> scams).</p> <p>Thankfully, not every employee (let’s hope!) will fall for a phishing email— but about <a href="http://www.mcafee.com/us/resources/data-sheets/ds-email-protection.pdf">one in five</a><sup>5</sup> will. For this hypothetical 5,000 user company, that could translate to more than 240 cases per month where users open malicious links or files. That means there are eight incidents every day in which a user’s machine has a high chance of being compromised.</p> <p><a href="http://blog.phishlabs.com/hubfs/blog-files/03-29-2016-Phishlabs-Blog-Infographic.jpg"><img alt="2880_clicks.jpg" src="http://info.phishlabs.com/hubfs/blog-files/3.29.2016_blog_Spam_filter_not_enough/2880_clicks.jpg" style="width: 515px;" title="2880_clicks.jpg" width="515"></a></p> <p>How can an organization decrease its chances of being the victim of a data breach? First, we need to take a look at what variables can be changed. The volume of email and spam is expected to continue to grow<sup>2</sup>, so unfortunately, we can’t make those numbers smaller. No email security tool will block 100 percent of malicious email.</p> <p>That leaves us with our last and final defense against email-based threats –<strong> the employees</strong>. With a robust training program that simulates real-world phishing attacks and delivers high-impact training at the point of failure, employees can be successfully conditioned to recognize and report phishing threats. This can quickly, within a matter of months, drive down the number of users that fall victim to phishing while providing security teams a better way to detect the attacks that make it past their email security tools.</p> <p>At PhishLabs, we eat, live, and breathe phishing.&nbsp;We take that&nbsp;real-world experience and apply it to a program that will condition your employees to recognize and report phishing attacks that slip past your spam filter. As a result, you'll have more employees reporting those attacks and less employees clicking on malicious links or attachments.&nbsp;&nbsp;<a href="http://info.phishlabs.com/contact-us">Get in touch</a> today for a no-cost baseline assessment of your company's vulnerability to spear phishing attacks. &nbsp;<br><br><a href="http://blog.phishlabs.com/hubfs/blog-files/03-29-2016-Phishlabs-Blog-Infographic.jpg">View the accompanying infographic to this blog post</a>.</p> <p>-----------------------------------------------------</p> <p><strong>SOURCES</strong></p> <p>1 The Radicati Group, Inc. "<a href="http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf">Email Statistics Report, 2015-2019</a>." (2015)</p> <p>2 https://www.symantec.com/security_response/publications/monthlythreatreport.jsp</p> <p><sup>4</sup> https://usa.kaspersky.com/internet-security-center/threats/spam-statistics-report-q1-2014#.VstRv5wrKUk</p> <p><sup>5</sup> <a href="http://www.mcafee.com/us/resources/data-sheets/ds-email-protection.pdf">http://www.mcafee.com/us/resources/data-sheets/ds-email-protection.pdf</a></p> <p><sup>6</sup> Christina, V., S. Karpagavalli, and G. Suganya. "A Study on Email Spam Filtering Techniques." International Journal of Computer Applications IJCA 12.1 (2010): 7-9. Web.</p> <p>&nbsp;</p> <img src="http://track.hubspot.com/__ptq.gif?a=326665&amp;k=14&amp;r=http%3A%2F%2Fblog.phishlabs.com%2Fwhy-your-advanced-spam-filter-isnt-enough&amp;bu=http%253A%252F%252Fblog.phishlabs.com&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important">


Source: hguone-tnsi-retlif-maps-decnavda-ruoy-yhw/moc.sbalhsihp.golb

Read:2746 | Comments:0 | Tags:Phishing Spear Phishing Employee Defense Training EDT

“Why Your Advanced Spam Filter Isn't Enough”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud