Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    New Survey Finds 10 Percent Failure Rate in Email Security Systems

    By
    Wayne Rash
    -
    December 21, 2017
    Share
    Facebook
    Twitter
    Linkedin

      At first look, a failure rate of 10.5 percent doesn’t sound like a lot, at least until you realize that that’s the percentage of emails that online security systems apparently miss when they’re looking for spam, malware and phishing. Then when you consider that most organizations of any size receive thousands of emails per day, the numbers add up.

      In that 10.5 percent average false negative rate researchers at Cyren, Ltd., a provider of Software as a Service internet security company, found, that .33 percent contained malware and phishing emails. The remainder was spam.

      Of the 11.7 million emails that Cyren tested recently, that means approximately 34,000 emails contained phishing scams and 5,000 contained malware after they had passed through an email security appliance or other security software.

      The numbers were derived from Cyren’s Email Security Gap Analysis project which examined emails forwarded from email security systems at companies that wanted to test their email security systems. The test took place in September and October, 2017. The numbers are averages since the names of the actual companies aren’t being revealed.

      Much of the problem has developed because email security had become a commodity, according to John Callon, senior director of product marketing at Cyren. As a result there wasn’t a lot of new research and development going on, he said.

      “But there’s a lot going on in threats over time,” Callon said, which caused the people at Cyren to wonder, “Has email security been keeping up with the threats?”

      Callon said that the problem of phishing and malware has grown to the point that it’s become an industry in itself. “A whole service economy has developed around delivering and developing threats,” Callon said. “Now there’s malware as a service.”

      Callon said that the barriers to entry used to be higher because would-be hackers had to develop their own malware and delivery mechanisms. That’s changed, he said. “I can rent services that will give me exploit kits that will deliver botnets.”

      The problem is getting worse and there’s less time than ever to respond to a threat before it does damage.

      Georgia Weidman says that while general security awareness has gotten better, preventing an attack has become more difficult. “If you want to get to a specific person, it’s not very difficult.” Weidman, who is CTO and founder of Shevirah, a security firm in Ashburn, Va., said that spending some time doing research will generally enable a hacker to create a convincing phishing email that most people, not to mention automated systems, will miss.

      Weidman’s company specializes in penetration testing. She noted that while it’s still possible to spot fake emails and the imposters that create them, it pays to have training.

      “A lot of companies aren’t doing that,” Weidman said. “They aren’t taking that threat seriously.”

      Weidman said that one important method of training employees in email security is to send out fake phishing emails. She said that anyone can create such emails for training by using the company’s Dagah software, and she said that a limited version is available for free.

      The training can be crucial, because without it, malware and phishing attempts can penetrate a company in surprisingly little time. According to Callon, a new phishing campaign can expect a delay of only 2.5 minutes before the first email is opened and only 4 minutes before the first click. This means that any automated systems must respond almost immediately to be effective.

      Adding to the complexity of catching such email attacks, Callon said that everything about them is dynamic, with phishing URLs changing in minutes. This means that many of the automated email screening packages can’t react in time if they’re keying on a phishing URL.

      “Within the first hour, 80 percent of the recipients of a phishing campaign have already clicked,” Callon said stressing that security needs to work on that time scale. Cyren sells a cloud-based product that Callon said can react fast enough, but he said that training also helps keep malware and phishing at bay.

      But Callon said that there’s a lot more that email security can do to ferret out problem emails than many appliances and filtering systems are doing. Those methods include pattern recognition and metadata examination. “There’s a rethinking of email security going on,” he said.

      The problem, as Weidman said, is that organizations need to take email security seriously. And they should. Weidman pointed out that virtually all of the recent breaches have a phishing component that was delivered by email and in many cases the phishing email was also used to deliver malware.

      But as employees become more security aware, the threat has begun to morph. “We are seeing phishing move to text messages, Twitter, Facebook and even quick response codes that people can scan,” Weidman said. She noted that mobility makes it worse because it’s harder to identify the threats when they arrive.

      The stakes are getting higher, so the need to deal with email, and by extension social media, attacks is becoming more important. A gap in email security can lead to a major data breach including the theft of money or other assets bringing embarrassment for the organization when it has to confess that it was penetrated by hackers. Email security may be boring, but it’s critical to the organization if it’s going to stay secure.

      Avatar
      Wayne Rash
      Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and is Senior Columnist for eWEEK. He is the author of five books, including his most recent, "Politics on the Nets". Rash is a former Executive Editor of eWEEK and Ziff Davis Enterprise, and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center, and Editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×