• by Mike Hillyer , October 5, 2012

The nature of security threats is shifting fast. Cybercriminals are using sophisticated social-engineering techniques aimed at assembling user-profile information, rather than simple brute force network-perimeter exploits. These attackers are increasing relevancy and personalization to improve the open rates of their targeted spear phishing, and often it’s the legitimate marketers themselves who are falling for these highly targeted and intelligent attacks.

Direct marketers, including email service providers (ESPs), are at extraordinarily high risk because when cybercriminals breach their systems, they gain access to email deployment systems. This means that cybercriminals gain the ability to send out fraudulent email under a good brand’s name. That’s why it’s essential to safeguard not just all inbound message streams, but outbound message streams also.

Insight into message traffic is critical to prevention, response and mitigation, yet few enterprises or ISPs have clear visibility into email and mobile message traffic. Here are a few principles that emphasize visibility into messaging streams.

Principle 1: Accept that inevitably, you will be successfully attacked, and you need to be able to respond immediately and effectively.

Security threats are ever changing, and the points of vulnerability are so numerous, that it’s best to assume that even the best-managed messaging infrastructure will eventually be compromised (as a few of them already have been).The most cautious approach is to assume that you have already been successfully attacked or infiltrated and that your job is to define the parameters of the damage and contain it. Therefore, you must have a dual messaging security strategy aimed at prevention as well as ongoing mitigation. 

Visibility into messaging streams is especially critical. Quick incident diagnosis and resolution is often complicated because the data needed for responding to incidents is usually buried deep in log files. Sifting through these files is a labor-intensive and time-consuming exercise, so it’s important to implement a service that can provide a clear view into message streams and their underlying data. This kind of insight into email and SMS dispositions can dramatically increase the speed of issue resolution.

Principle 2: Prevention and mitigation strategies must be intertwined so companies can both shut down malicious activities and prevent recurrences.

In order to detect malicious activities as soon as possible and prevent future recurrences, companies must share intelligence across layers. When an enterprise or ESP gets compromised and unwittingly sends out fraudulent mail, the immediate objective is to detect and stop this dangerous activity. However, organizations should also seek to apply the lessons learned. This requires an integrated messaging technology solution that can capture, interpret and apply data in real time, make best use of anti-abuse applications and share intelligence across the messaging environment.

Principle 3: Consolidate your company infrastructure to reduce points of vulnerability.

Companies frequently maintain multiple message-deployment systems in various organizational silos across the enterprise. This multiplies the points of visibility, making it more difficult to secure the message streams. While there may be legitimate business reasons for separate systems, recent attacks provide a compelling rationale for reviewing these arrangements and consolidating the infrastructure to reduce the number of message streams that need to be monitored and secured.

In order to minimize points of vulnerability, the messaging infrastructure for all digital channels should be consolidated. That way, companies can focus their energies and resources on securing one infrastructure versus many. They can then implement the deepest layers of protection and mitigation possible for that one infrastructure, to ensure that security policies and procedures are uniformly applied and updated. For those that work with ESPs or other outsourced providers, consolidation reduces the number of connections that need to be secured and managed, and makes it easier to work with partners to implement security protocols that benefit both parties.