Stop Phishing. PHOTO: Cybercrime Magazine.

Back To Basics: Blocking Phishing To Prevent Ransomware

Wrapping security around the inbox

Gil Friedrich

New York City, N.Y. – Mar. 14, 2022

What does protection against the most virulent threats today look like? There are tons of measures to take to keep your organization secure. How do you cut through the noise? Which ones do you prioritize? All organizations will need to consider their unique threat landscape. But, in general, there are five tenets of protection that every organization, regardless of size or industry, should incorporate. These five tenets make up a robust security program, helping to keep malicious threats at bay and keeping your business going strong.

1. Protecting the Inbox

A solid cybersecurity offering will start by preventing phishing. Phishing remains the number one cause of breaches. If you don’t protect the inbox from phishing, you are not protected.

There are a number of ways to do this, with differing approaches. But the objective has to be the following: preventing phishing and malicious emails from reaching the inbox. The best way to do this is to sit inline, before the inbox, and leverage advanced AI and ML to identify and stop zero-day threats. By nipping the phishing problem in the bud, your organization effectively reduces a whole host of other threats.

2. Protection Against Visiting Malicious Websites

If an email comes into the inbox with a malicious link, and a user clicks on it, not all is lost. That is where URL rewriting comes in. All links contained in an email are replaced with an innocent link. When the user clicks on the link, the security solution needs to check the URL. If it is determined to be benign, the user continues without interruption. If it is malicious, it is blocked. This is especially important because many attacks are designed to detonate post-delivery, meaning they easily get by email scanners and are only dangerous after they are clicked. By rewriting the URL, that risk is eliminated.

Cybercrime TV: Gil Friedrich, Founder & CEO at Avanan

Protecting Office 365 inboxes from phishing attacks

3. Protection Against Data Loss

According to a report from IBM, the average total cost of a data breach has increased by nearly 10 percent, rising from $3.86 million in 2020 to $4.24 million in 2021. Further, it takes an average of 287 days to contain a breach.

That’s why a robust data loss protection — across email, file-sharing and collaboration — is so important.

This type of program needs to leverage the most advanced tools to identify and mark files containing confidential, financial, and personally identifiable information, including credit card numbers, Social Security numbers, and bank routing numbers. Data has to be shared as part of regular business. But it should only go to intended recipients. With data being shared on all platforms, this type of protection is essential.

4. Protection for the Entire Suite and All Lines of Collaborations

Phishing and malware don’t stop at email.

In fact, there are 10,000 new malicious files discovered every day, with a key target being popular file-sharing apps. New research finds that OneDrive accounts for 20 percent of all malicious downloads; SharePoint accounts for 9 percent.  For malicious Office documents, OneDrive and SharePoint combine for 34 percent of all downloads in that category.

That threat is compounded by the fact that, in many of these applications, default security scans file SharePoint, OneDrive or Microsoft Teams. Rather, the files are scanned asynchronously, making it very easy to download malicious files.

A security solution needs to scan, test and execute all files in a powerful sandbox before the user downloads. This will ensure there’s no malicious content. With remote work here to stay, files will continue to be shared across multiple employees and companies. Ensuring hackers don’t interrupt that is key.

5. Protection Against Ransomware

When you combine protection against phishing, protection against malicious URLs, protection against data loss and protection of collaboration and file-sharing apps, you get robust protection against ransomware.

Phishing remains the number one cause of ransomware. By blocking phishing messages and malicious links and files, you have created all-encompassing protection against ransomware.

Start a Demo to Experience the Power and Simplicity of Avanan

Avanan Archives

Gil Friedrich is co-founder and CEO at Avanan.

About Avanan 

Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.

Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™.  The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.