Flash quiz: What tool do humans use most often for sharing, collaborating, coordinating and archiving? Answer: Email.
And precisely because consumers and companies continue to rely so heavily on email, cyber criminals relentlessly exploit email as a favorite attack vector. Thus spear phishing remains the primary way intruders initiate Advanced Persistent Threat (APT) attacks.
And Business Email Compromises—a scam in which the bad guys craft a message that spoofs a senior executive in order to trick a subordinate into making a cash transfer—continues to rise.
Messaging security vendor Agari is on the forefront of helping organizations defend email attacks. ThirdCertainty asked Agari’s new CEO, Ravi Khatod, to supply a 30,000-foot view. Text edited for clarity and length.
3C: Are we at a crossroads when it comes to trusting email?
Khatod: Essentially, normal email isn’t safe. From a business perspective, this is an extremely complex problem to solve. These highly publicized cyber attacks are creating a culture where people are automatically seeing email as untrustworthy. People need real solutions to thwart these email threats and restore trust across all communication channels.
3C: What’s coming in the second half of 2016 and 2017?
Khatod: Many businesses are trying to fight phishing attacks—including spear phishing and business email compromise—by teaching their employees to question the authenticity of each email they receive. It just does not work. As attacks become more sophisticated, businesses need to think about advanced and secure technology options to protect their company assets and employees.
3C: Is it enough just to lock down email? What else needs to be addressed?
Khatod: Cyber criminals use multiple attack vectors. In particular, spear phishing attacks aimed at specific employees with access to privileged systems is a commonly used technique and can cause heavy damage to businesses. But a one-size-fits-all approach will not be enough. Companies need multiple controls—a mixture of complementary tools where prevention, early detection, attack containment, and recovery measures are cohesive.
3C: Where is the business sector, as far as overall security awareness?
Khatod: Cybersecurity is now a board-level topic. The CISO used to be seen as solely a technologist—those days are over. In this environment, CISOs need to cultivate relationships with other executives and position security as a business and financial risk area, in addition to advocating proactive investments to mitigate security risks before an attack happens.
3C: What are your goals for Agari?
Khatod: Agari has world-renowned data scientists who specialize in email security, an unmatched amount of data (10 billion emails per day), and a customer base made up of leading Fortune 500 companies that love our solution.
Our goal is to leverage these incredibly valuable assets within our email security platform in a way that eliminates email as a channel for cyber crime. We want to protect enterprises and their customers from advanced email attacks, enabling both the public and employees to once again trust their inboxes.