Spam filters are not generally considered a security measure but as spam traffic increases, they may find correspondingly greater effectiveness in that capacity. It seems that every week, another major company is in the headlines after being hacked. Sometimes these intrusions cost them fortunes, as in the case of the recent $45 million bank heist, and sometimes it just embarrasses them, as in the case of The Onion. Whether the price is $45 million, or a slice of humble pie, one thing is for certain: nobody wants to be hacked. Another, less discussed near-certainty is that somebody either within or close to, the hacked company experienced first-hand the magic of social engineering.
This science was first explored by the esteemed Kevin Mitnick, in his 2005 seminal treatise, “The Art of Intrusion”, and has been expanded and refined to such an extent that it is now responsible for the initial breach in the vast majority of cyber-crimes that are committed today. A particular ploy in the social engineer’s toolbox keeps surfacing in the subsequent investigations of nearly all of the high-profile breaches of the past several years, and that is the “spear-fishing” attack. This is generally accomplished with an email which contains enough personal information about its recipient to be convincing, and which induces them to click on a link contained in its text.
Installing spam filters in a company’s mail system is a simple and effective method of reducing this danger, and will eliminate the vast majority of the malicious emails and their embedded links before they even reach anyone’s inbox. While nothing can guarantee protection against a well-engineered, targeted attack, reducing the overall volume of email in which those spear-fishing attempts obscure themselves not only reduces the time wasted in deleting them manually, but diminishes the enormous amount of mail that users must sometimes analyze to detect that more dangerous variety. Of course the safest policy is to refrain from ever clicking on email links, but when that is impractical, this volume reduction can be the determining factor in whether or not a company is successfully infiltrated.
If you would like more information about this issue and its mitigation, or any other cyber-security related concerns please contact us.