420 likes | 616 Views
The impact of email-borne threats Why companies should recognise and embrace the need for change. Phishing Attacks per Year. Source: RSA (2014). Phishing Campaigns per Year. Source: APWG (2013). Reality Check. Change in measurement methodology. 300% increase. Source: APWG (2013).
E N D
The impact ofemail-borne threatsWhy companies should recognise and embrace the need for change.
Phishing Attacks per Year Source: RSA (2014)
Phishing Campaigns per Year Source: APWG (2013)
Reality Check Change in measurement methodology 300% increase Source: APWG (2013)
Why is Accurate Measurement Important? “To measure is to know… If you cannot measure it, you cannot improve it.” Lord Kelvin
Getting Upstream for Accurate Measurement Current measurement Downstream vendors Fuller picture Data filters New measurement Upstream ISPs
Full Spectrum of Email Threats Active Emailing Domains Non-Sending Domains Defensively Registered Domains
Full Spectrum of Email Threats Unaffiliated Domain Threats Look-a-like Domains Subdomains of Another Domain Different Brands’ Domains Active Emailing Domains Unaffiliated Domains Direct Domain Threats Non-Sending Domains Generic Domains Defensively Registered Domains
3D Vision Impact • 3 dimensions of email threats: • Nature of threat • Size of attack • Efficacy • Combinations determine impact • All data points available upstream Nature of threat Size of attack Efficacy
1st Dimension: Nature of Threat Phishing (Direct Domain Threat) 419 (Unaffiliated Domain Threat)
1st Dimension: Nature of Threat Malware (Direct or Unaffiliated Domain Threat?) Malware (Direct Domain Threat)
1st Dimension: Nature of Threat Credit score spam (Direct Domain Threat) Pharma spam (Unaffiliated Domain Threat)
1st Dimension: Why Differentiate? • Different scams will concern different departments • Prioritise based on impact to organisation • Different threats have different remedies
2nd Dimension: Attack Size • Getting upstream enables us to see how many emails were sent in a given attack
2nd Dimension: Why Measure Attack Size? • Quantify risks • Prioritise risks • Justify the right investments • Measure ROI
3rd Dimension: Efficacy ISPs decide what is good and what is bad, but don’t always get it right… Phishing Users decide what is good and what is bad, but don’t always get it right… Phishing Legitimate Phishing Phishing
3rd Dimension: Efficacy Lots of inbox noise on a daily basis What happens today will affect what happens tomorrow
3rd Dimension: Why Measure Efficacy? • Quantify impact • Prioritise risks • Justify the right investments • Measure ROI
The Benefits of 3D Vision • Upstream data enables accurate risk assessment • Downstream metrics are inadequate: • No visibility into size of attack • No visibility into efficacy Impact Nature of threat • Upstream data enables us to see true impact Size of attack Efficacy
Impact of Attack: Security Perspective • Fraud losses • Call centre support • Remediation: • Site shutdown • Reset accounts • Credential recovery • Investigation & reporting • Malware secondary losses • Negative publicity
Impact of Attack: Reduced ROI of Email Program Attack end Attack start 90% average 32% drop 58% low
Traditional Approach to Phishing Prevention Phish Site Detected Phish Site Takedown Impact @ Time Phishing Email Campaign Deployed
Phishing Prevention With Return Path Phish Site Detected Advanced Detection: Provides enhanced visibility into emerging threats. Proactive Blocking: Drives down the negative impact of phishing. Phish Site Takedown Data Integration: Real-time URI data feeds facilitate faster takedown of malicious sites. Impact @ Time Phishing Email Campaign Deployed
3-Step Plan to Effectively Manage Risk • Build partnership plan between Security and Marketing • Gain visibility into full spectrum of email threats • Leverage latest technologies to: • Develop a holistic view of detection • Proactively block fraudulent messages • Increase the ROI on existing solutions
Conclusions • Old metrics are inadequate and incomplete • New technologies offer “3D vision” • It is not just a security concern … it must be enterprise-wide • New technologies: • Reduce fraud • Improve performance of email programs
Thank you Ken Takahashi General Manager, Anti-Phishing Solutions Return Path ken.takahashi@returnpath.com www.returnpath.com/security +61 2 8188 8700