Are You Fighting Spam Aggressively or IntelligentlyWritten by Jeff on April 29, 2013
For quite some time, spam was dismissed as merely an annoyance. It was viewed as noise that distracted people from doing their work because their time was spent identifying and deleting these junk messages instead of working on more productive things. It was viewed as an annoyance because the thousands of messages taxed network resources like bandwidth and storage space.
But according to a recent post by Kelly Higgins of Dark Reading, spam has become much more than an annoyance we are forced to deal with.
In her article, she reports that out of 550,000 email messages identified as spam, 14,000 were infected with malware. In the same sample, 30,000 of these messages had a file attachment and of these 10,000 were identified as malware and nearly every message that was send with a ZIP file as an attachment was actually a malicious file using the compression to mask its danger.
Now organizations are forced to react to these findings. They cannot simply let that many malicious files infect their systems through email. Take the Associate Press for example. One malicious file that made it through the filter was enough to compromise their Twitter account allowing a fake tweet that sent the stock market in the United States crumbling for a few hours.
To fight back, organizations can take two approaches, they can fight these illicit emails very aggressively and block anything that even remotely poses a threat to them, or they can fight malicious emails the smart way.
Going the aggressive route
Aggressively blocking emails seems like the best solution to stopping anything illicit from entering the perimeter. Block all attachments, block any keywords, block specific senders, etc. No exceptions.
Yes, this can immediately restrict malicious emails from being delivered, but at what cost? If you employ the absolute tightest controls so that nothing even perceived as a threat makes it though you are likely stopping legitimate emails from making their way to their intended recipients as well.
When we go aggressive in security, and email security in particular, orders don’t make it to the sales people, quotes aren’t delivered to buyers and important announcements get held up at the filter. Problems that arise from an aggressive anti-spam campaign could be reduced revenues, reduced productivity, low morale among employees and even job loss. Yes, job loss; like what happened to Oakland Police Chief Howard Jordan who filtered all emails regarding to Occupy Oakland to his junk mail. Because he missed emails from city officials and a federal court monitor he failed to comply and answer questions and subsequently lost his job.
Smart email filtering
Fighting illicit email is not an all or nothing proposition. You can opt to take the smart approach to filtering spam that will greatly reduce the noise created by junk email.
The smart approach is easy. Employ an easy to configure anti-spam filter so that you are not required to block everything by default. This allows you to manage the specific file types, domains and key phrases that you wish to have blocked by the solution. Add to this foundation a layer of heuristic filtering that learns what patterns the bad guys are using and questions emails that fit this criteria. Instead of outright blocking these emails, they are placed in a sandbox to see how they interact with your system and undergo further scrutiny; sometimes by the users themselves.
An additional layer to this solution would include the ability for users to spot malicious emails and report them as spam. This not only keeps the inbox clean, but it also helps to teach the anti-spam solution how to better identify illicit messages in the future.
Finally, teaching users how to spot spam and what to do when they see it will round out a smart email security solution. Focusing on technical controls that are easy to manage and educating users you can help keep the worst from happening in your organization by fighting spam effectively and efficiently.