Email Security

    Inadequate Cybersecurity Measures  

    Good enough security isn't good enough.  

    by Boris Vaynberg

    Just checking the cybersecurity box with a few well know measures is not enough with today’s extremely sophisticated cybercriminals and even Ransomware as a Service offerings. It is the equivalent of an ostrich putting its head in the sand or an opossum playing dead to ignore an impending threat.

    A Cautionary Tale

    You have probably seen hundreds of breach stories by now and may even be desensitized by their impact. However, it is important to recognize the root cause of these breaches in order to learn from these cautionary tales. For example, Ellen Yu reported in ZDNet on Singapore's most recent severe cybersecurity breach that:

    “…a July 2018 security breach that compromised personal data of 1.5 million SingHealth patients. The incident also compromised outpatient medical data of 160,000 patients that visited the healthcare provider's facilities, which included four public hospitals, nine polyclinics, and 42 clinical specialties.”

    She went on to discuss why this happened:

    “Investigation into the July 2018 incident reveals tardiness in raising the alarm, use of weak administrative passwords, and an unpatched workstation that enabled hackers to breach the system as early as August last year.”


    4 Common Inadequate Measures

    For decades, there have been numerous technologies and cyber security measures that organizations have relied upon that unfortunately don’t really meet the standards required to truly prevent zero-day and other malicious code entering your network today. The top four you should investigate further include

    1. Trusting Your Employees: You have probably figured out by now that your employees are your greatest asset but also your most vulnerable liability when it comes to cybersecurity. Using email communications and just trusting that employees won’t mismanage their passwords, fall prey to a phishing scam or fail to update their workstation when IT sends out a change notice is a recipe for disaster.
    2. Trusting Your Firewall: Most cyber protection strategies started with the premise of keeping the bad guys out, so firewalls were heavily relied upon for this strategy. They can be effective for the broadest of advanced persistent threats, but still will allow some penetration from the outside and almost no protection form insider threats.
    3. Trusting Your Signature-based Prevention: Once some poor unfortunate organization has been hit by a new malware attack, cyber security vendors can identify and update their signature files in order to protect others, however, the threat of zero-day attacks has become so prevalent that signature-based solutions alone are far from adequate protection today.
    4. Trusting Your Sandbox Alone: The introduction of sandboxes greatly increased your cyber threat protection, but unfortunately at a significant overhead and cost if used alone. This is why we have discussed how to add “Nitrous Oxide For Your Sandbox.”

    A Better Way

    The addition of Solebit into the Mimecast family gives you a leg up on preventing that one entry into your cyber environment. Further enhancing Mimecast’s cyber resilience platform architecture, Solebit provides powerful threat protection to help customers face today’s broad threat landscape with evasion-aware, signature-less technology.

    The Solebit solution uses Multi-Tier protection to defend against attacks at different levels of the stack. This comprehensive approach is powerful, as evasion techniques may spread across different layers.

    The solution protects against advanced malware by using Solebit’s deep inspection that analyzes commands at the CPU level, all the way up to the application level, analyzing macros and embedded JavaScripts in Microsoft office or any other data file types whether on premise or in your public or private clouds.

    Learn more here.



    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page