Consider the following scenario. It wouldn’t be too difficult to find out which anti-virus software product a company is using and how efficient that vendor is at issuing signatures for new viruses. All that is then needed are the names of users working in department most likely to have access to sensitive information, perhaps the financial team. It is possible to create a virus designed to search for documents with particular filenames, such as ‘sensitive’ or ‘confidential’, and email these documents to a designated account.
If this is the first time the virus has been seen, a company using reactive software probably won’t be alerted. By the time the infection is discovered, it will take another few hours to issue a patch. But the damage has already been done, and your highly sensitive information and intelligence has already exited the building.
It isn’t possible to say for certain which organisations are more likely to be targeted with these types of attacks. In reality, any business is a potential victim. However, those with a strong online presence or heavy reliance on ecommerce are most likely to be at risk. Anyone with a high profile brand should also seriously consider this type of threat – it takes years to build a brand but only minutes to destroy it.
Companies relying on generic, blanket security products such as out of the box software may find it most difficult to protect against customised attacks. Software products are generally unable to identify where a threat has come from, and do not have a team of experts acting as an early warning system. A proactive managed service provider has these capabilities, precisely because email traffic must pass through its systems – allowing for analysis of unusual traffic patterns, email origin and new, previously unseen vulnerabilities and malicious code. The perpetrators of email security attacks are learning to adapt their methods according to their target, and are making it personal. To effectively combat this breed of threat, organisations must do the same.