Living in a world of trust | SC Media
TDR, Phishing

Living in a world of trust

August 22, 2012

Trust is at the base of every relationship. That's true in any field, but especially true in information security. Having a sterling reputation helps businesses grow. A shady reputation, the opposite. 

The internet has empowered businesses to exist primarily on reputation. eBay wouldn't exist without the trust assigned by buyers to sellers. Myriad sites – from Yelp to Epinion to RateMD – empower consumers to
provide feedback on products and services, allowing others to make better purchasing decisions based on reputations. 

The bad news: Of the millions of emails we scan, less than two percent are legitimate, demonstrating there is not enough deterrent for spammers to give up their lucrative business. Spam is now the preferred distribution method for malware, with 85 percent of unsolicited email containing links to malicious sites. Spam's quality is also improving. The typical message is no longer riddled with errors and typos, giving the bogus message an increased aura of legitimacy. Today's spam attachments, such as documents, spreadsheets, graphics and videos, often contain malware.

There's a responsibility involved in maintaining one's online reputation. 

Spam has implications. Not only do we want email to flow freely, but we also depend on its free flow. This example is an extreme case, but one of our clients recently had us ban all emails originating from a certain domain because of spam issues emanating from just a few users. This will happen more and more often to organizations that don't take concerted actions to monitor and protect their online reputations. 

Today, IT security teams can access sophisticated data leakage prevention tools, helping them ensure sensitive information remains confidential. Someday, IT managers may similarly benefit from automated systems that help them maintain and protect their company's digital reputation. 

The good news is not that spam's onslaught is receding – it isn't – but that spammers are not causing as much havoc as they did years ago. So far, spam's biggest impact on businesses – at least those with adequate safeguards – has been the costs of productivity losses, as well as transporting and filtering junk email. Many people also seem to be feeling slightly better about spam. The proportion of enterprise IT managers who believe spam is “a big problem” continues to fall. Additionally, users who believe spam is “not at all a problem,” continues to rise slowly.

Maintaining your reputation can be simple. 

Your email usage policy should be clear. Ensure all staff understands that email is for person-to-person communications only. Email marketing activities should be left to the marketing department. 

Configure your gateway to prevent outbound email sent to more than, say, 50 people. Or, consider the benefits of using an outsourced service provider. Good email marketing companies use best practices for email marketing, and using their services helps mitigate risks. 

In addition, ensure your security systems protect you against phishing, drive-by downloads, trojans and other threats. If they do not, your reputation may be impinged by a compromised system being unwittingly used as a spam-sending zombie or enlisted as part of a botnet. It may be somebody else's spam being sent out, but it is your reputation that suffers. 

For now, companies can rest assured knowing that a combination of spam filtering, anti-malware technologies and user education will make their email environments safer. But, this situation may improve or deteriorate over the next few months or years.


David Poellhuber is chief “spaminator” at Montreal-based email security vendor ZeroSpam.
prestitial ad