Email is the lifeblood of modern business and one of the key targeted points of security threats in a company. When it comes to security issues, businesses of all sizes face the same email and messaging challenges – and one of the most prevalent of these is spam. In the past, the major problem with spam was that it diminished user productivity because of the excessive time required to sift through it.
According to the Symantec Internet Security Threat Report XIV, a 192 percent increase in spam was detected across the Internet, from 119.6 billion messages in 2007 to 349.6 billion in 2008. The nature of spam continues to evolve, and it is becoming harder to stop.
Today, businesses are faced with more critical issues relating to spam, namely, the strain it puts on bandwidth and storage requirements for messaging.
Over the years spammers have been working feverishly to devise new ways to evade spam filters. The result: email servers are now being flooded with image-based spam which looks like text-based spam messages but are comprised of one or more images in order to defeat traditional spam filtering technology. On average, an image-based spam message is five to ten times larger than a text-based spam. This means that more than ever spam clogs bandwidth, soaks up disk space, and slows servers which often forces businesses to increase their storage capacity requirements. Smaller businesses working with minimal bandwidth are especially feeling the increasing strain that this new spam is putting on their network.
On the other hand, phishing is becoming sophisticated email users. New phishing threats are integrating spam and phishing techniques to get the message into the recipients’ mailboxes and, more importantly for spammers, to get the recipients to click on the URL contained in the message. enough to fool many seasoned
Just as spam is a vector for malware such as viruses and spyware, so tool is Instant Messaging (IM). IM is a public service which can be downloaded by anyone, in many cases for free, and is usually unregulated by internal IT teams. It is not easy for businesses to control and secure IM – and IM faces all the same email threats listed above – except they spread faster. Just like the “instant” nature of its messages, an IM compromise will spread in real time. For example, if someone accidentally downloads something, it can spread to their entire buddy list within seconds.
The combination of these issues creates the need for businesses to have single point protection for all business messaging at the gateway, where spam can be stopped before it impacts email servers and networks downstream. There are a host of solutions in the market to help stop these ongoing messaging problems, in addition to preventing viruses and spyware from propagating. Small to mid-sized businesses (SMBs) should ensure that they have centralized control and protection for inbound and outbound IM and email at the gateway in an all-in-one appliance that sits at the edge of the business network.
Mail security solutions for SMBs should ideally be able to identify spam and phishing in an integrated fashion by pushing rules to gateway devices for filtering out specific spam attributes and URL lists that are known phishing sites. The solution must allow for a host of policies and content filtering rules that can be set at the discretion of the business to monitor not only inbound content, but also outbound content. For instance, a rule can be set to ban any documents that say “confidential” on them from being sent outside of the business. Specific tools can also be added to help mitigate risks associated with data leakage and regulatory compliance.
The continued growth and evolution of messaging applications presents attackers with a wider range of targets and various means to launch malicious activity. Today, a security solution that merely provides basic network protection is no longer adequate for businesses to effectively protect themselves from advanced messaging threats. SMBs should look out for a new generation of messaging security solutions that provide multiple layers of protection.
An effective solution does more than just accurately identify and address risks, but also deliver consistent protection across platforms to save SMBs the hassle of keeping up with the constantly changing threat landscape.
In next month’s article, which will be the last article in this SMB data protection series by Symantec, we will look into backup challenges for SMBs and practical ways to deal with this issue.