James Forbes May

Barracuda launches two-prong attack against spear phishing

Barracuda Networks (Barracuda) is leveraging their top position as provider of on-premise physical email gateways, to extend their fight against email threats, to the virtual space.

“Our market leadership in on-premise email protection puts us in a key position to protect our customers in Microsoft Office 365,” said Barracuda’s VP of APAC Sales, James Forbes-May.

He said this during Barracuda’s media briefing about key findings from a spear phishing report titled, “Spear Phishing: Top Threats and Trends.”

Recognising that web-based email services; and specifically the one bundled in Microsoft’s Office 365 productivity suite (O365); is going to become more prevalent, the company is doubling down their efforts with products like the artificial-intelligence based Barracuda Sentinel, Barracuda Essentials, Barracuda PhishLine and more.

Total Email Protection (TEP) is their email protection suite which comprises of all these point products, among others.

Trends for cloud-based email

James pointed out that protection tools for on-premise emails will not work for cloud and web-based email services. It’s true, only one sixth of email users are on the cloud, but slowly and surely they are moving to software-as-a-service productivity suites like Office 365.

And, the email service bundled in this online suite is being taken up by more and more O365 to replace on-premise Microsoft Exchange email service.

Currently, there is an estimated 200 million users on O365, and as many as 3 million users are being added every month.

Why is this significant?

As is the case for a few decades already, emails are a primary form of communication within large business organisations. And as email usage transitions towards cloud-based services, ways to protect email has to evolve.

James said, “The email protection market globally is valued at USD11 billion. Data protection in contrast is about USD4 billion.”

This certainly speaks to the value that email communications has upon businesses and its operations.

Cybercriminals recognise this as well, and spear phishing is a well-evolved tool that they have been using for over a decade, to steal sensitive company information, which goes on to strengthen their foothold in an organisation and ultimately further their ill-intentions.

Indeed, over 70-percent of email attacks or compromise upon an organisation’s perimeter, starts with email phishing.

Evolving trends

The array of tactics that cybercriminals employ to take advantage of small mobile screens, the barrage of emails in the inbox and simple human nature, is scary.

Barracuda’s PhishLine product can give an organisation’s employees a sneak peek at what to expect via its training and simulations. Updated content and phishing tactics are added as time goes by, so users can have an idea of what to expect and be on the look out for.

There is even a concierge-like service which addresses enterprise-level organisations, by using a consultative approach.

Indeed, PhishLine is a n effective way to disseminate awareness material, and Barracuda Country Manager Tong Chee-Leong said, ‘Spear phishing is here to stay. Scammers will improve (it) along the way, so the last mile to stop it, is us. Training and simulations are important and we are using technology to deliver it.”

James also cautioned that layered protection, is the best method to approach this cyber threat.

Risk management in a regulated industry

Spear phishing threats aside, Barracuda wants to address cloud misconfigurations as well. In recent times, there has been numerous reports of sensitive data in huge organisations being accidentally leaked, due to incorrect set up of their cloud environments.

James said, “There are around 100 to 150 common misconfigurations when setting up the cloud. Imagine when this configuration is copied and replicated to spin up another ten cloud instances, … that becomes 1000 to 1500 vulnerable entry points!”

A Barracuda solution like Cloud Security Guardian, can not only help prevent this from occurring, but in the event that mistakes still happen, it will take remedial steps to contain the damage.

The Azure version of Cloud Security Guardian, was launched just today.