Protecting your organization from Phishing with Box & mxHero
We are all aware of email phishing and viruses. The news cycle continuously reminds us lest we forget. Studies point to email being the number one vector of cyber-attack (source). Many of us have been directly affected by this affliction of the digital age. Just a couple days ago we received a contact request email with the following reminder of how prevalent and real these threats are…
We have just been subject to a ransom attack that has disabled our entire domain. We previously installed [software name redacted] in an attempt to guard against attack but this has obviously been unsuccessful as it relies on users not clicking links or attachments. Your solution looks interesting and was recommended by Box. Please contact me asap. Thanks James [name changed]
We got in touch with the company and the story was pretty horrific. They were in the grips of a ransomware that had propagated across all the company’s servers and backups. Giving into the payment demands was being seriously considered.
Unfortunately, this is a story that plays itself out across every industry with companies of all sizes. Only the tiniest fraction of incidents actually makes it in the news. Most play out in the hushed quiet of board rooms, insurance lawyers, and the police. Significant resources are deployed and a massive $7B security industry exists in response to the growing challenges as companies become increasingly digital.
The challenge is a tough one to solve. Email is the fundamental means of communication inside and outside of most companies. The free flow of information that email permits is the cornerstone of the modern organization. Restricting email is a step that is understandably not considered by most companies.
That said, there are ways in which organizations can reduce the threats of email-based attacks without imposing any appreciable impact on how email is used by employees. One powerful technique is what we explain here. But to understand why this strategy is particularly effective, we should review why email is such a powerful attack vector. For this I’ll tell another true story. The following is the story of a very good friend of mine, who, perhaps justifiably, became a cyber-criminal for a day…
Wendy [not her real name], found her husband’s behavior very odd of late. Something was off. Suspecting the worst, that he was cheating on her, she hatched her plan. Through a friend she contacted a hacker. The hacker sold her a virus that would install a key-logger on her husband’s computer. With the key-logger installed she would have access to his key strokes and would be able to get his email password. The trick was how to get it installed. “Easy,” said the hacker. “Send him the virus renamed as a jpeg in an email. Tell him it’s a photo.” She did as instructed. Her husband received the email and tried to open the image on his laptop. He wrote back saying that the image was broken. She feigned surprise and sent him a real image. But the ruse had done its job! The first “image” was never meant to open, rather, deliver its nefarious payload. With the key-logger installed, she was able to discover the sad truth. But her story has a happy ending. She remarried an amazing guy and is today raising a beautiful family.
The above true story illustrates why email is such an effective means of attack. In most cases, for a hacker to get a foothold, he or she needs to get a program onto your device. What better way than to go through the front door of your email. Most of us get too much email, and in the flurry of daily activities, we can little afford the time to carefully inspect every “package” that comes in the e-mail. But it takes just one employee, one slip, one opening of a file for a virus to embed itself inside the walls of the organization and begin its attack from the soft underbelly on the inside.
“But wait, we have anti-virus and firewalls,” you say. Yep, so did both of the above cases. So did almost every company that’s been compromised, and yet the cyber-attack trends are only getting worse (source). The speed, sophistication and targeting of today’s attacks present too much of a moving target for static protections. Best practice guidelines suggest multiple layered defenses to help deflect as many attacks as possible. But there is little defense to that which an employee willingly brings into the network. Thus, the rise of spear-phishing. The weak link is always the human.
Might there be another way to approach email borne threats? What if we took a cue from the real (non-digital) world? Many companies have a camera at the front door, or a front desk to screen who enters the building. Might there be a way to have a “security camera” on our email attachments in a way that we could inspect attachments remotely before bringing them down to our vulnerable devices?
Fortunately, such a solution can easily be deployed by leveraging powerful content management platforms like Box. Box is the leading cloud content management platform (source) and provides capabilities needed for safely inspecting email content outside of the inbox. What makes Box particularly ideal for this task is its powerful preview capabilities supporting more than 140 file types. Box’s preview capabilities are advanced and renders files safely through the browser, away from the user’s computer. When combined with MxHero’s ability to automatically intercept inbound emails and move attachments into Box, a solution is born that provides a virtual “security camera” remote view of email content. This allows users to inspect attachment content prior to download. In this scenario, a virus masquerading as an image would be revealed without ever touching the user’s device. Furthermore, documents that otherwise render but contain viruses, would have to be relevant to the user’s business at hand — a much higher bar for the cyber-criminal to overcome.
In closing, a lot is being said about artificial intelligence. Security companies are all the rave about their advance AI detection capabilities. Although AI is certainly showing promise, we are in the very early days. Until AI proves itself an effective security tool, by providing always-on, Box remote file preview from which to safely inspect email attachments, mxHero is able to leverage a proven and very powerful intelligence, namely, human intelligence. By giving us a chance to see what we’re receiving before download, no longer is the human a weak link. Score one for the good guys!