Email security bill of rights for a zero-trust world


This article was contributed by Shalabh Mohan, Chief Product Officer, Area 1 Security.

Reports that $1.7 million in NFTs were stolen from OpenSea users in a phishing attack on the marketplace have once again brought email security into the global spotlight.

The attack shows how vulnerable email is: most estimates suggest that email is the root cause of more than 90% of successful cyber attacks. And although Business Email Compromise (BEC) attacks make up a small percentage of the attacks, they do the most damage: our data suggests that BEC accounted for 1.3% of the attacks but would have resulted in more than $354 million in direct losses.

Hackers are becoming more sophisticated in their phishing email attempts to steal personal and company data. Attackers impersonate recognized brands and use legitimate cloud hosting services such as Google Cloud and Microsoft OneDrive, which can get past both security systems and users. They use social engineering tactics, often starting from links contained in phishing emails, to gain unauthorized access to company systems or personal information. To be sure, state-of-the-art technology and trained security analysts are needed to identify the most convincing attacks. As a result, companies should re-evaluate their approach to email security and users’ rights.

Despite next-generation zero-trust network access (ZTNA) technologies designed to reduce the lateral movement of malicious applications and scripts, it has become difficult to protect against email-based threats.

Education and training are important. However, companies need effective and responsible email security techniques to bridge the gap between unhealthy paranoia and human trust. Underpinning this security approach is the concept of an “Email Bill of Rights” to restore trust in today’s dangerous environment. Customers should be able to expect email to be secure, the way they expect a car to drive without breaking down.

Everyone should have the fundamental right to email that is private, trustworthy, automated and adaptable – and consequently secure.

Suggested amendments to the email security bill of rights:

People’s right to privacy

Consumers have the right to an email account whose contents are reserved for senders and recipients. Absent legal intercepts, organizations and individuals should be able to rest assured that the contents of their inbox are securely protected and visible only to the authorized account holder.

Account takeover (ATO) fraud, a form of identity theft in which fraudsters gain access to victims’ accounts, and Microsoft Exchange Server-style supply-chain attacks, in which the email inboxes companies use are exposed by zero-day exploits, still deserve special attention. But these breaches do not originate from “human error” in the traditional sense.

Companies’ internal security organizations should enforce strong multifactor authentication and be vigilant about patching IT vulnerabilities immediately to minimize cyber threats.

Enjoy a reliable system

In a zero-trust security environment, trustworthiness can seem like a bridge too far for email communication.

Despite the distrust built into IT systems, there should be adequate ZTNA-ready email security techniques that strike a proper balance between zero-trust authentication on one side and authenticity and peace of mind on the other. Zero trust does not mean not trusting employees. Companies can allow verified access based on key trust parameters while ensuring that data loss is minimized and incidents are resolved quickly. Even with bleeding-edge email security tech, companies need to promote a security culture of “trust, but verify.”

Automation will not be denied

Modern enterprises should take advantage of email security solutions that reduce the need for manual intervention and fine-tuning. Our research has shown that manually analyzing the phishing emails that slip through the cracks, and tuning security rules and policies to compensate for them, is a frustrating proposition when dealing with sophisticated threats. Missed threats account for less than 0.5% of the average monthly email traffic. However, it takes only one missed threat to create a security disaster that damages the company’s operations and costs millions.

Artificial intelligence (AI) and automation can keep a company’s inbox clean, relevant, secure, reliable and trustworthy. Using the power of automation, companies can assign their security and IT personnel to focus on critical risk priorities, while AI-powered applications quickly, reliably and accurately filter out harmful emails at scale. With companies handling hundreds of millions of incoming emails every day, there has never been a greater need for automated threat detection.

Adaptability, required

Phishing campaigns are about human behavior. An email about a special offer from your favorite retailer that is just for you? Attackers are using this technique to get people to click on a link that leads them to fake websites where they disclose personal or company information. Watching these behaviors and how people interact with their email can help determine if their actions are safe or if they pose a security risk. As a result, email security technology should be adaptable. Inbox filtering technology should be constantly learning and using advanced analytics so that there is a constant understanding of new risks.

Cyber-threat actors are using sophisticated techniques to launch phishing attacks, whether it is spear phishing, which targets specific individuals with authentic-looking documents, or vishing (voice phishing), which includes emails containing fake voice messages or voicemail files that lead the victim to call back and provide personal information that will be used in other attacks. Defenders must assume that attackers are taking advantage of the latest technology and want to maintain an edge in the relentless cyber-arms race.

The key is to push the boundaries of machine learning and data science further and to allocate significant resources to cyber-threat intelligence research. In this way, companies can reassure customers that they are constantly evolving to keep pace with the next generation of email-delivered threats.

We, the email users

Faced with increasingly sophisticated threats, it’s time for companies to rethink their email security strategies. The cyber security community can help companies reduce the source of cyber-threats and restore trust in the increasingly untrustworthy Web 3 world.

In 2022 it is not unreasonable for consumers to expect the right to privacy, trust, security and accountability from their email services. This is no longer a luxury, but a necessity for a world dependent on digital communications.

Shalabh Mohan is the Chief Product Officer of Area 1 Security.
