Email Security: Issues and Awareness
In an organization, each and every individual should be aware of the email
security issues that every individual has to take care of. There are various
challenges to overcome in order to get rid of them. A few issues and challenges
one should be aware of are:
1) User Behavior: End users are at the top of the list of email security
issues, because the decisions they take can either prevent a bad situation or
create the worst one. It is a major issue in an organization, as the
perceptions of end users and IT security experts often appear to be at odds.
Where security experts see sharks swimming around in the form of threats, end
users simply perceive spam. A few organizations run ethical phishing attacks
and social engineering penetration tests on their employees to assess their
security awareness. The results reveal that, even when they are aware of
attacks, employees click on phishing emails.
2) Targeted Phishing Attacks Can Make a Comeback: Earlier, work-intensive
manual attacks were common. Now hackers perform targeted phishing attacks or
automated attacks, which need much more effort but offer a much bigger payoff.
Hackers use public social media resources to target a person or a company and
learn particulars such as who's who in the company. Once they have that
knowledge, it becomes easy to masquerade as the boss and launch whaling
attacks. It is very easy for them to include the company logo and other company
information to make a malicious email look more realistic and credible. In one
case, a hacker impersonated a boss's cellphone number and triggered an attack
by sending an employee a text message that referenced an email message.
3) A Gateway to Account Takeover and Further Exploitation: Hackers penetrate
less secure computers, such as laptops used on public Wi-Fi, and are then able
to weaponize them against the organization. Hackers take over an
organization's accounts, which is an indirect challenge to email security. Once
a computer belonging to an organization or an individual is compromised,
hackers use Mimikatz, an open-source tool, and Microsoft's built-in Remote
Desktop Protocol to dump all the credentials on the machine. Once an account
has been taken over, they can use powerful tools like PowerShell and Windows
Management Console to reach other machines on the corporate network. They can
easily use services to exploit vulnerabilities on networked computers.
4) IoT and Mobile Device Security Challenges: IoT and handheld devices can
also be compromised and become part of phishing and other security attacks.
Hackers can use a targeted phishing attempt, or can easily take over an account
via a clean application on an iPhone or Android phone. Such an application
might contain code that takes users to a phishing site that requests their
credentials. Even IoT devices like surveillance cameras and Wi-Fi routers based
on open-source code are open and vulnerable to exploitation. IoT devices are
usually small networked computers, all of which can be used as jumping-off
points for security incursions.
5) Think Beyond Perimeter Security: All organizations implement highly
effective security perimeters such as firewalls, Web Application Firewalls,
intrusion detection/prevention systems and email security gateways. That is why
hackers hack machines and compromise email accounts and users that might be
outside the perimeter. They use plain, harmless-looking email to trap inside
users from outside the perimeter. Perimeter security plays an essential role,
but at the same time one has to be careful about other potential attack
surfaces.
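As an added example (not part of the original article), the whaling pattern from item 2, where a message masquerades as the boss, can be screened for by comparing the sender's display name against the organization's directory. The executive name, domains, finding labels and sample messages below are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

def _norm(name):
    """Lower-case, drop punctuation, sort tokens: 'Sharma, Priya' == 'Priya Sharma'."""
    return " ".join(sorted(name.lower().replace(".", " ").replace(",", " ").split()))

# Assumed, constructed directory data (not from the article); load your own.
ORG_DOMAINS = {"corp.example"}
EXECUTIVES = {_norm("Priya Sharma"): "priya.sharma@corp.example"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _lookalike(domain):
    """True when an outside domain is a near-miss of one of ours."""
    return any(SequenceMatcher(None, domain, d).ratio() >= 0.85
               for d in ORG_DOMAINS)

def impersonation_findings(raw):
    """Return the reasons a raw message looks like executive impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(addr)
    findings = []
    known = EXECUTIVES.get(_norm(display))
    if known and addr.lower() != known:
        findings.append("display-name-mismatch")  # boss's name, wrong mailbox
    if from_domain and from_domain not in ORG_DOMAINS and _lookalike(from_domain):
        findings.append("lookalike-domain")       # e.g. digit swapped for a letter
    if reply_to and _domain(reply_to) != from_domain:
        findings.append("reply-to-redirect")      # replies leave the From domain
    return findings

# Constructed sample messages using reserved test domains.
SPOOFED = ('From: "Priya Sharma" <priya.sharma@c0rp.example>\n'
           'Reply-To: office@mailbox.invalid\n'
           'Subject: Urgent wire transfer\n\nPlease handle today.\n')
GENUINE = ('From: "Priya Sharma" <priya.sharma@corp.example>\n'
           'Subject: Quarterly review\n\nAgenda attached.\n')
FREEMAIL = ('From: "Sharma, Priya" <p.sharma@freemail.test>\n'
            'Subject: Quick favour\n\nAre you at your desk?\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("freemail", FREEMAIL)):
        print(label, impersonation_findings(raw))
```

Findings like these are best used to add a warning banner or route the message for review, since a display name alone cannot prove who sent a message.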
Summary: Vigilance is the key to addressing email security issues, so it is
essential to stay vigilant. It has been observed that the nature of attacks
transforms boundlessly. There is no standard way in which hackers attack, for
better or worse, and it is very difficult for security vendors to have a
standard method to identify and stop these changing attacks.
Ms. Arpana Chaturvedi
Assistant Professor
Information Technology