Phishing has been one of the most popular threat vectors for malicious hackers. This type of attack is often carried out through email and allows to execute malicious programs, steal personal information, or lure people into giving money.
Unfortunately, phishing incidents only intensify, with employees being one of the most vulnerable entry points for attackers. Even though the IT department can implement advanced security solutions to protect equipment from malware, how can we protect workers from falling victim to phishing?
To discuss this and similar questions, we talked with David Wreski, founder and CEO of Guardian Digital, who explains how his business started, threats likely to be seen in 2022, and why he believes the pandemic has made the importance of email security much greater.
What was your main driving factor for starting Guardian Digital?
Internet security and open-source were in their infancy. It was necessary to be able to build protection from new cyber threats quickly and cost-effectively. The Open-source model allowed me to do that more effectively than the commercial offerings we were using at UPS.
Guardian Digital offers open-source protection solutions. Can you tell us more about the philosophy behind the open-source approach?
We believe the “many eyes” approach to developing software produces a more secure and effective product. At Guardian Digital, we pride ourselves on our commitment to building a community where small businesses are given the tools and resources to evolve and improve productivity. We remain dedicated to nurturing creativity and the open course development community.
What are some of the types of email threats that are widely prominent today?
Over the past year, we saw an increase of ransomware attacks by nearly 20% compared to 2020, and phishing is the most common type of attack users are exposed to.
How did the pandemic affect the email security landscape? Did you add any new features as a result?
The pandemic has made the importance of email security much greater. Many businesses transitioned to a work-from-home style, and employees began letting their guard down. There wasn’t an IT team down the hall to secure networks, many businesses struggled, and unfortunately, had to close. We've also increased responses to businesses facing a whole series of new types of attacks by cyber thieves capitalizing on the increased urgency, disinformation, and uncertainty surrounding the pandemic.
What technologies do you think pose significant security risks but are still widely used by the public every day?
Public Wi-Fi usage is still an ongoing issue, as well as the lack of employee training. Companies should be providing their staff with the knowledge to spot a suspicious email before interacting with it, and using public Wi-Fi doesn’t protect against hackers eager to steal your private information.
Which cyber security threats do you think are going to arise in 2022?
When it comes to cyber threats, it’s more of a question of “when will an attack occur” as opposed to “if.” I expect to see the trend of malware and ransomware attacks continuing, as cyber thieves figure out other ways to monetize online crime. Small businesses should learn how to prepare for the future of email cyber attacks, including the cyberwar between several nations, misinformation concerning US elections, cryptocurrency, and as more businesses transition to remote work.
Additionally, could you share some tips on how to protect against them?
I cannot stress this enough: users need to think before they click. Don’t interact with an email that seems suspicious because there is usually a reason for that. For example, Honeytokens are great tools that prevent supply chain attacks.
Additionally, since Deepfake works by convincing you the source is reliable, it's essential to confirm that the source is legitimate before transferring any funds.
In your opinion, why do companies as well as individual users tend to overlook email security?
I think, like with most things in life, people don’t think they can be a victim, and that they’re excluded from the potential threat of phishing, malware, ransomware, etc. With the number of companies that have been personally affected by cyberattacks, it should go without saying that it is better to be safe than sorry, and it pays to be prepared.
What’s next for Guardian Digital?
Moving forward, Guardian Digital will continue to watch for new threats and develop new technologies that can better identify these threats, including machine learning and artificial intelligence capabilities.