G-Suite Security Checklist: Are you Protected?
When it comes to enterprise attack vectors, email is still king.
Your employees are receiving, opening, and forwarding hundreds of emails a day, making emails an attractive vehicle for threat actors of all kinds. According to Verizon, an astounding 96% of attacks are still delivered via email.
Email threats might not be new or exciting, but all organizations, regardless of size, should be shifting email security to their highest priority.
The Era of Perimeter-based Security is Passé
Despite the prevalence of email attacks, enterprises often lack the proper safeguards when it comes to email security. It is not uncommon for organizations to rely on perimeter-based security, focusing on firewalls and intrusion detection to protect them from hackers. Unfortunately, this is not enough; research shows that secure email gateways (SEGs) consistently fail to protect against phishing attacks and 76% of infosec professionals claim their organizations experienced them in 2017.
In some cases, organizations don’t have any protection for their email at all, and only start taking preventative measures post-breach. Even for a large enterprise, the cost of a breach can be fatal. In 2018 alone, there were over 2 million cyber incidents that created a whopping $45 billion in losses, a figure high enough to exceed the GDP of several European countries.
Cloud-based Emails Opened up the Floodgates
G-Suite has taken the enterprise world by storm; its convenience, availability and simplicity make it irresistible to businesses and private users. However, despite significant efforts to raise awareness of cybersecurity threats, employees are often still not savvy enough to check links and attachments before clicking.
The growing sophistication of attacks, combined with the increased use of cloud-based email services, means that enterprises need to step up their email security efforts.
The Three Levels of Cloud-based Email Security
Broadly speaking, there are three layers of cloud-based email security that an organization can opt for to protect their corporate emails.
Level 1: Basic Security
These are the security measures that come built-in with an email platform. G-suite has some level of security protection out-of-the-box.
Organizations’ email admins can set up custom rules for the appropriate actions based on the type of threat that is detected. For example, they can move all suspicious emails directly to the spam filter (i.e., an email service feature designed to block spam from a user’s inbox) or opt for leaving such emails in the inbox with a warning.
As a result, the organization is aware of every problematic email, but the users will still receive or see potentially harmful emails, ultimately leaving security in the hands of the end-users.
Level 2: Middle-level Security
At this level, the organization can identify unauthenticated emails potentially spoofing their domain and choose to quarantine or delete such messages using the three pillars of email authentication: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC):
- SPF is an email validation protocol: the domain owner publishes a DNS record listing which mail servers may send email for the domain, so receivers can detect and restrict messages that claim to come from your domain but originate elsewhere.
- DKIM is used to attach a cryptographic signature to outgoing messages, so receivers can verify that the content came from the signing domain and hasn’t been tampered with in transit.
- DMARC is an added authentication method that uses both SPF and DKIM (plus alignment with the visible From: domain) to verify whether or not an email was sent by the owner of the domain that the user sees, and lets the owner publish what receivers should do with failures (none, quarantine, or reject) and where to send reports.
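The receiving-side logic that ties these three records together, as an added example that is not from the original article or from any G-Suite component. It evaluates a constructed SPF record (ip4/include/all mechanisms), parses a constructed DMARC record, applies strict/relaxed identifier alignment, and returns the DMARC disposition; the domains, IP addresses and DNS TXT contents are all invented, the DKIM verification result is taken as an input rather than computed, and organizational-domain detection is simplified (a real receiver uses the Public Suffix List and does live DNS lookups). The last scenario in the usage block shows why a message sent from a legitimate but compromised account passes all three checks, which is the limitation the article raises later under account takeover.

```python
"""Offline SPF + DMARC evaluator (added example; hypothetical domains and records)."""
import ipaddress

# Constructed DNS TXT records standing in for live DNS lookups.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.example-mail.net -all",
    "_spf.example-mail.net": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; sp=reject; aspf=r; adkim=s; "
                          "rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the SPF record of `domain` against the connecting IP.
    Supports ip4, ip6, include and all; returns pass/fail/softfail/neutral/none/permerror."""
    if depth > 10:  # guard against include loops (RFC 7208 caps DNS-querying terms)
        return "permerror"
    record = DNS_TXT.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism not supported by this toy evaluator
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def parse_dmarc(domain):
    """Return the tag/value pairs of _dmarc.<domain>, or None if no DMARC record exists."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    if not record.startswith("v=DMARC1"):
        return None
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    """Simplified organizational domain: the last two labels."""
    return ".".join(domain.split(".")[-2:])


def aligned(identifier, header_from, mode):
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    if mode == "s":
        return identifier.lower() == header_from.lower()
    return org_domain(identifier) == org_domain(header_from)


def dmarc_policy_for(header_from):
    """Find the applicable record: exact domain first, else the org domain's subdomain policy."""
    tags = parse_dmarc(header_from)
    if tags is not None:
        return tags, tags.get("p", "none")
    org = org_domain(header_from)
    if org != header_from:
        tags = parse_dmarc(org)
        if tags is not None:
            return tags, tags.get("sp", tags.get("p", "none"))
    return None, "none"


def dmarc_disposition(header_from, mail_from, sender_ip, dkim_result, dkim_domain):
    """Combine SPF and DKIM with alignment and return pass/none/quarantine/reject."""
    tags, policy = dmarc_policy_for(header_from)
    if tags is None:
        return "none"  # no DMARC record: the receiver falls back to its own defaults
    spf_ok = (check_spf(mail_from, sender_ip) == "pass"
              and aligned(mail_from, header_from, tags.get("aspf", "r")))
    dkim_ok = (dkim_result == "pass"
               and aligned(dkim_domain, header_from, tags.get("adkim", "r")))
    return "pass" if (spf_ok or dkim_ok) else policy


if __name__ == "__main__":
    # Forged From: example.com from unlisted infrastructure -> policy applies.
    print(dmarc_disposition("example.com", "bounce.evil.example", "192.0.2.1", "none", ""))
    # Subdomain with no record of its own inherits sp=reject when SPF fails.
    print(dmarc_disposition("billing.example.com", "example.com", "192.0.2.1", "none", ""))
    # Mail from a compromised but genuine account on an authorized server passes every check.
    print(dmarc_disposition("example.com", "example.com", "203.0.113.5", "pass", "example.com"))
```

Note that `sp=reject` is stricter than `p=quarantine` here on purpose: subdomains that never send mail are a common spoofing target, and the fallback in `dmarc_policy_for` is what makes that stricter subdomain policy take effect.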
Level 3: Highest Level of Security
At this level, organizations are able to approach cloud email security in a much more comprehensive manner by adding the ability to conduct advanced threat protection, such as:
- Protection against suspicious attachments: Identify attachments from untrusted senders or attachment types uncommon to the domain. Organizations can also identify emails with unusual attachment types and choose to automatically display a warning banner, send them to spam, or quarantine the messages.
- Scan links and external images: Admins control how warnings work in Gmail when a person clicks on a link to an untrusted domain.
- Spoofing and authentication: This is an added protection against domain spoofing based on similar (look-alike) domain names.
Why Out-of-the-box Email Protection is Not Enough
As things stand, there are serious issues with even the highest level of protection offered by cloud-based email service providers. These include:
Choosing “rules” in advance: This approach leaves a higher chance of error if there’s an element the admins haven’t considered. As a result, a malicious email will look “legit” to the system, as it is indeed “legit” according to the rules set. This can lead to phishing and malicious emails getting through; if there’s a configuration, there is a chance that mistakes will be made.
Vulnerable to Account Takeover (ATO): Hackers can bypass even the highest levels of security by using an ATO attack. By sending an email from an ostensibly trusted source such as a colleague, a supplier or a client, a hacker can override any rules set. This is a common way of spreading malware that bypasses the SPF/DKIM/DMARC mechanisms, since the message genuinely originates from the authorized domain and the protections can’t identify it as malicious. Usually, after ATO, the attacker replies to an existing thread with a malicious attachment, making the email appear completely legitimate.
Only protect against known or similar threats: Such measures only protect against already encountered and known threats. Since the threat landscape is always evolving, organizations need a system in place that will detect brand-new threats that do not meet pre-set criteria.
The Need for Comprehensive Email Security
Methods that were effective yesterday are simply no longer relevant today. For example, detecting attacks based on metadata and external features is something that used to be effective, but can easily be bypassed today.
As the threat landscape continues to evolve, organizations need comprehensive tools to protect against known threats, but even more so against the unknown ones. Rule-based security can be easily bypassed by a novel threat that you didn’t know existed, and therefore didn’t set up rules against. The standard measures deployed by cloud-email providers are not robust enough to withstand the onslaught of sophisticated threat actors. This is where BitDam comes in.
The BitDam cloud-based Advanced Threat Protection (ATP) blocks both known and unknown threats contained in any type of file or URL, protecting your Email, Cloud Drive, and Instant Messaging. The platform offers the highest detection rates of advanced attacks from within the communication stream, with no configuration, updates or patches needed. In addition, BitDam sits on top of your existing systems with no changes necessary to the existing security infrastructure.