As an integral communication and collaboration tool for any organisation across the globe, email remains an attractive attack vector for cybercriminals. Husni Hammoud, general manager, Middle East, CEE and Turkey, Barracuda Networks, discusses how organisations can stay one step ahead of the bad guys.
Email continues to be the most common attack vector. What are the most common mistakes end-users are committing when it comes to email security?
The most common mistake is failing to identify a phishing email. Once an end-user clicks on a link in one of these emails, replies to it, or even simply forwards it to somebody else, it will start a chain of events that can lead to email account compromise, business fraud or more.
Many users today are also using a unified inbox on their mobile device, which combines emails from business and personal accounts into a single list, making it difficult to identify the source of each email. Cyber-attackers are taking advantage of this and are now starting to subvert users via their personal email account, therefore bypassing all email security their organisation has put in place.
What best practices should IT security leaders take to correct these mistakes and to strengthen their security postures?
Email threats are continuously evolving and are increasingly becoming more sophisticated. In addition, more and more cybercriminals are using social engineering techniques to bypass traditional gateway security defences. Organisations need to invest in additional layers of security such as those provided by Barracuda Sentinel and Barracuda PhishLine, which extend email protection to include inbox defence, fraud protection and security awareness training so that end-users within the organisation are fully protected from the latest threats.
IT security leaders should ensure they have effective defences against social engineering and spear phishing attacks by implementing additional security layers such as inbox defence and account takeover protection.
They should also invest in ongoing security awareness training for their entire user base. This will help their employees to detect and identify any potential threats that have slipped through the organisation’s security systems.
How can automation optimise effective cyber forensics and incident response?
If an organisation is hit by a cyber-attack, quickly identifying and responding to it is vital in order to minimise and prevent any damage. This is a difficult and time-consuming task for IT administrators and they are often faced with the challenge of being inadequately resourced.
Automated solutions such as Barracuda Forensics and Incident Response are able to analyse traffic patterns and other signals in real time and alert IT administrators to suspected attacks at the earliest opportunity. Solutions like these will help IT administrators to accurately assess the nature and scope of the attack. They can also automatically delete malicious emails and rapidly carry out remediation actions to halt an attack’s progress and minimise the damages.
How can Barracuda’s Forensics and Incident Response capabilities enable organisations to achieve total email protection?
Email threats are continually evolving as attackers seek new ways to bypass security defences and attack end users, which means that although the latest solutions provided by vendors such as Barracuda are extremely effective, no security solution is 100% perfect.
Our Forensics and Incident Response offerings enable IT administrators to identify email threats quickly and accurately as well as address them to prevent any significant damage to the organisation.
Has the move to cloud finally become a realistic prospect for the Middle East, and what implications does that have on security?
Yes. In fact, we are witnessing many businesses, individuals and even government departments increasingly adopting cloud-based email servers. The appetite for cloud is there and adoption is rapidly increasing, especially with the recent announcement that Amazon Web Services (AWS) and Microsoft Azure are set to open their first data centres in the Middle East.
Fundamentally, applications in the public cloud run in the same way as they do in an on-premises or privately hosted environment. It is important to note that, wherever it may be, the cloud is not necessarily secure. While this gives customers the security and scalability of the public cloud, they should keep in mind that they are still responsible for protecting their applications and data against a variety of attacks including network breaches, zero-day malware exploits, targeted attacks, advanced persistent threats, data leakage, and application-layer denial of service (DoS) as a part of the shared security responsibility model.
What offerings do Barracuda Networks have in terms of providing a secure cloud environment for regional organisations?
With Barracuda’s solutions for Azure, AWS and GCP, organisations can use the same Reference Architecture for on-premises WAFs and firewalls to secure a web-facing application. This makes it much easier, safer and more efficient to deploy workloads in the public cloud. Furthermore, by deploying the Barracuda CloudGen Firewall, IT teams can gain an almost unlimited capability to remotely connect users to these applications. Dedicated VPN clients are also available for the Barracuda CloudGen Firewall to support most popular device operating systems. The CloudGen Firewall also provides highly granular control, which can be defined both by user and application, further hardening an organisation’s security when running mission-critical apps in the cloud.