Setting aside those of us who grew up in small towns during simpler times, nearly everyone locks their front door these days. It's not even a question. If you have a lock on your door, you use it. Does it stop a determined burglar from breaking into your house? Nope. In fact, most houses have windows that can be broken, allowing the burglar unfettered access.
So... if criminals can just get in through a window, then why lock your door at all?
Because breaking windows attracts attention, often leaving evidence of the crime. An unlocked door can be the easiest way for criminals to get in and out of your house before they're noticed. They'll step up to the door, turn the knob, and quickly slip in if it's unlocked. If, however, they rattle the knob and the door's locked, they'll just move on to the next house. Casual burglars will often try door after door rather than risk being caught jimmying open (or breaking) a window of a house.
"I don't lock my front door because burglars can easily break a window." - Says No One Ever
Now, consider that your neighborhood is flooded with people knocking on your front door at all hours. Further, imagine that 95% of the people who knock aren't your friend coming to visit, but unwanted (legal) solicitors. How long do you think it'd take for burglars to hide among the throng on your porch, casually testing the door to see if it's locked?
Would you still leave your door unlocked? Of course not. But what would you say if only 24% of families on your block locked their front door? In that case, there continues to be an incentive that drives the throng of door-rattling burglars.
Well, that's like what's going on with email right now. A surprising number of companies still haven't added simple locks to the front door of their email servers that keeps out domain impersonation. And this despite the overwhelming evidence that the vast majority of data breaches, malware delivery, and other compromises start with email attacks.
"I don't need to secure my email against domain abuse." - Say a Surprising Number of Companies
There are a number of news articles and blog posts (as well as official statements from the FBI) that provide compelling data about the severity of email attacks. They do a good job covering typical credential phishing, the costly impact of business email compromise (BEC) attacks, and illustrate how a deceptive link can easily result in malware infections. There are also a number of articles explaining the various solutions available to protect your company against attacks (e.g. SPF, DKIM, DMARC).
Truth be told, email security can be unnervingly complicated, especially given the technical jargon used to describe solutions. Getting everything right requires careful planning and a commitment to security. And since there's no silver bullet solution that stops all types of email abuse, the industry is left piecing together solutions. Fortunately, there are a few email security companies that provide a reasonably comprehensive suite of solutions, including Proofpoint.
At Proofpoint, our customers are protected against simple door rattling as well as more pernicious attacks. The trick, though, is to ensure that your company has the right mix of products deployed that fit your situation and that they're configured correctly.
Talk to your account representative or dedicated professional services agent to ensure that you're fully protected. And if you're not yet a Proofpoint customer, click here to learn more about how we can help secure your email.
Subscribe to the Proofpoint Blog