Malware everywhere.

With 40,000 employees in 140 countries and 1200 staff in Australia alone, “You don’t have to look too far to find examples” of the methods email fraudsters are using today, Grant Thornton information security manager Gavin Townsend said while joining me onstage to share his firm’s experiences with email threats.

As a business advisory firm charged with protecting massive amounts of confidential information, Grant Thornton has worked hard to protect its email channels and has implemented Mimecast security tools as part of an integrated defense against email attacks that have more complex and convincing over time, says Townsend.

One very well-crafted attack, he showed, recently came in purporting to be a bill from Telstra. It might have passed inspection by any of the firm’s employees – but when 10,000 of the messages were received and quarantined overnight, it quickly became clear that something was wrong.

The Mimecast platform protects Grant Thornton from the content of malicious emails no matter how convincing they seem. Its URL Protect capabilities had provided a filter that rewrites embedded URLs to go through a proxy where their real destination is carefully checked first. Messages with attachments are carefully examined, and unknown attachments can be executed in a virtual ‘sandbox’ to monitor their behavior and add the attachment to the list of known malware.

Yet not all attacks involve clicking: the firm has also been receiving carefully-crafted business email compromise (BEC) messages that spoof executives’ identities in an attempt to convince other executives to urgently forward money to a supposed supplier.

“I would have thought we would see these so blatantly obvious,” Townsend said while noting that many messages create a “sense of urgency” that often overrides employees’ better judgment.

“Email really is reaching a level of risk criticality,” he said. “Protection is around, but it really comes down to that user training and human firewall. We really emphasize context when training our users: does it make sense that this email is coming to you?”

Grant Thornton has even had to deal with one scammer who registered a domain name that was almost exactly the same as their own. By posing as an employment site within the firm, the imitation site had been set up to harvest the personally identifiable information (PII) of prospective job applicants. Closing it down took Grant Thornton all the way through the World Intellectual Property Organization’s (WIPO’s) domain dispute resolution process.

Ultimately, Townsend said, the firm’s approach to cybersecurity has grown in three key areas:

1. Cyber Protection - A combination of risk management, perimeter solutions, processes, training, and technical hygiene.

2. Moving from defense to offense - Increasing network visibility, using forensic processes, and using cyber intelligence to build up a picture of what suspicious and anomalous behavior comprises.

3. Cyber resilience - Security processes work in tandem with backup/restore, business continuity, and business response planning to ensure business downtime is minimised in the event of an attack.

“In each of these domains there are a number of various components,” Townsend explained. “It’s important to keep defining and redefining the problem to make sure you keep asking the right questions. And when you’re done, flip it around and ask the same questions from the perspective of the hacker. It all comes down to finding your weakest link.”

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Defend Against Malicious Email Attachments and Malware

Think your users would never fall for an…

Think your users would never fall for an email scam? Think a… Read More >

Alison O'Hare

by Alison O'Hare

Technical Director

Posted Nov 14, 2017

3 Tips for Expanding your Organization’s Advanced Security Strategy

With a leadership team in place and a s…

With a leadership team in place and a set of known and like… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Sep 05, 2017

One Internet Minute, Millions of Opportunities for Cybercrime

High volumes of email and social media p…

High volumes of email and social media posts increase the ri… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Aug 14, 2017