The impact of email-borne threats Why companies should recognise and embrace the need for change.


1 The impact of email-borne threats Why companies should recognise and embrace the need for change.

2 Phishing Attacks per Year Source: RSA (2014)

3 Phishing Campaigns per Year Source: APWG (2013)

4 Reality Check Source: APWG (2013) Change in measurement methodology 300% increase

5 Phishing sites reported to association or vendor Phishing sites reported to other bodies Phishing sites not reported Phishing emails sent Other email-borne threats The Thin End of the Wedge

7 Why is Accurate Measurement Important? “To measure is to know… If you cannot measure it, you cannot improve it.” Lord Kelvin

8 New measurement Upstream ISPs Getting Upstream for Accurate Measurement Current measurement Downstream vendors Data filters Fuller picture

9 Upstream insights

10 Full Spectrum of Email Threats Active Emailing Domains Non-Sending Domains Defensively Registered Domains

11 Full Spectrum of Email Threats Unaffiliated Domain Threats Direct Domain Threats Look-a-like Domains Subdomains of Another Domain Different Brands’ Domains Unaffiliated Domains Generic Domains Active Emailing Domains Non-Sending Domains Defensively Registered Domains

12 3D Vision 3 dimensions of email threats: Nature of threat Size of attack Efficacy Combinations determine impact All data points available upstream Nature of threat Size of attack Efficacy

13 1st Dimension: Nature of Threat Phishing (Direct Domain Threat) 419 (Unaffiliated Domain Threat)

14 1st Dimension: Nature of Threat Malware (Direct or Unaffiliated Domain Threat?) Malware (Direct Domain Threat)

15 1st Dimension: Nature of Threat Credit score spam (Direct Domain Threat) Pharma spam (Unaffiliated Domain Threat)

16 Different scams will concern different departments Prioritise based on impact to organisation Different threats have different remedies 1st Dimension: Why Differentiate?

17 2nd Dimension: Attack Size Getting upstream enables us to see how many emails were sent in a given attack

18 Quantify risks Prioritise risks Justify the right investments Measure ROI 2nd Dimension: Why Measure Attack Size?

19 3rd Dimension: Efficacy Users decide what is good and what is bad, but don’t always get it right… ISPs decide what is good and what is bad, but don’t always get it right… Phishing Legitimate Phishing

20 3rd Dimension: Efficacy Lots of inbox noise on a daily basis What happens today will affect what happens tomorrow

21 Quantify impact Prioritise risks Justify the right investments Measure ROI 3rd Dimension: Why Measure Efficacy?

22 The Benefits of 3D Vision Upstream data enables accurate risk assessment Downstream metrics are inadequate: No visibility into size of attack No visibility into efficacy Upstream data enables us to see true impact Nature of threat Size of attack Efficacy

23 Fraud losses Call centre support Remediation: Site shutdown Reset accounts Credential recovery Investigation & reporting Malware  secondary losses Negative publicity Impact of Attack: Security Perspective

24 Impact of Attack: Reduced ROI of Email Program Attack start Attack end 90% average 58% low 32% drop

25 The pay-off

26 Addressing email-borne threats

34 Traditional Approach to Phishing Prevention Impact Time Phishing Email Campaign Deployed Phish Site Takedown Phish Site Detected

35 Phishing Prevention With Return Path Impact Time Phishing Email Campaign Deployed Phish Site Detected Phish Site Takedown Advanced Detection: Provides enhanced visibility into emerging threats. Proactive Blocking: Drives down the negative impact of phishing. Data Integration: Real-time URI data feeds facilitate faster takedown of malicious sites.

36 What can you do …

37 Build partnership plan between Security and Marketing Gain visibility into full spectrum of email threats Leverage latest technologies to: Develop a holistic view of detection Proactively block fraudulent messages Increase the ROI on existing solutions 3-Step Plan to Effectively Manage Risk

38 Conclusions …

39 Old metrics are inadequate and incomplete New technologies offer “3D vision” It is not just a security concern … it must be enterprise-wide New technologies: Reduce fraud Improve performance of email programs Conclusions

40 Ken Takahashi General Manager, Anti-Phishing Solutions Return Path ken.takahashi@returnpath.com www.returnpath.com/security +61 2 8188 8700 Thank you

