How Can Companies Protect Their Networks Against Drive By Spam Attacks?
Without adequate email protection, employees are susceptible to drive by spam attacks. Simply opening an email can rapidly download and install malware that can infect the entire business network. With robust and powerful spam filtering software these emails won’t appear in the employee’s inbox, therefore mitigating the risk of an inadvertent malware download.
There are industry solutions to protect business networks from this kind of security threat. A robust and powerful spam filtering solution will strip out all scripts from the email message before they get shown. For emails that contain a script in an attachment, policies can be set to block the attachment type. Alternatively, if the script is in the email text, it will generally be checked for spam and the harmful email will be quarantined. It’s important for a company considering implementing an anti-spam solution, or replacing an existing one, that they investigate if drive by spam attacks will be detected.
A survey of SMBs conducted in late 2010 by SpamTitan, a zvelo technology partner, showed an overwhelming majority (75 percent) of IT managers surveyed regarded traditional spam as the top security threat facing their organization. This sentiment exists even with the significant drop in traditional spam volumes over recent months, as reported by many email security vendors. This is the result of many factors, including the fact that email security solutions have become quite effective in combating spam.
In addition to implementing effective email protection, IT managers must also look to protect the organization, in real-time, from links to malicious or compromised websites that may be disguised or buried within the body of an email. Internet threats have grown smarter and more dangerous, and tactics deployed by online scammers are more sophisticated than ever.
The Shift from Email Spam to Web and Social Spam
The effectiveness of anti-spam filtering software within business networks have caused online scammers to resort to phishing methods within social networking sites like Twitter or Facebook, with 37 percent of IT managers surveyed saying this trend is a growing phenomenon. Many businesses regard the move to online phishing as a natural response to the rapid growth in these social networking communities. With the advent of mobile devices and the use of social networking sites within the workplace, phishing remains a clear and present threat to businesses.
The continued use of Web 2.0 technologies in the workplace and the proliferation of social spam beckon increased employee responsibility in the area of network security. Executives in any company are prone to drive by spam attacks, or phishing attacks that divert away from email and onto malicious or compromised websites. The stakes are high within the business environment, and companies should educate employees about network security risks and should implement adequate spam and malicious website protection.
Originally featured on the WebTitan Blog on 02/29/12 in an article titled “Drive-By Spam Attacks, a growing security risk – is your company protected? | Web Security”