Today, probably every one of us has received a phishing email at least once. In fact, spreading malware through email links and attachments is one of the most popular methods to attack both users and companies.
Cybercriminals often try to lure unsuspecting people into infiltrating ransomware by employing social engineering tactics in their malicious email campaigns. While installed security tools on users’ devices are highly effective, people should also start developing necessary skills to reduce human error.
In this interview, Funda Celebi, the Channel Sales Manager at Keepnet Labs – a company that specializes in email security, lists the best cybersecurity practices to combat email-based threats and explains how to spot a phishing email.
Let’s go back to the beginning of Keepnet Labs. How did the idea for this project come about?
Since phishing emails are frequently the initial stage of an attack, it’s been long believed that securing inboxes and improving cybersecurity knowledge are the best approaches to combat cybercrime. To strengthen a company's cybersecurity posture, various safety solutions were necessary at once, and none of the other cybersecurity suppliers provided integrated solutions for each step of email-based threats. Keepnet Labs was founded on the premise of protecting organizations throughout the email lifecycle by taking a holistic approach to have all anti-phishing security solutions on one platform.
What makes Keepnet Labs stand out is your holistic approach to email security. Can you tell us more about your vision?
Keepnet Labs helps organizations protect themselves throughout the lifecycle of email-based attacks. Only Keepnet's patent-pending solutions cover all stages of email-based cyber threats in a single platform that can be deployed on-premise or in the cloud. It's a next-generation security platform that includes a comprehensive suite of cybersecurity defense, threat monitoring, security management, and user awareness tools. It embodies an integrated approach to people, processes, and technology, reducing the risks of email threats in all areas.
When it comes to cyber threats carried out via email, what are the most common ones?
The most common cyber threats spreading via email are the following:
- Social engineering
- Business Email Compromise (BEC)
Traditional email filters and typical security measures are frequently bypassed by these attacks and cannot effectively secure one's devices.
How did the pandemic affect the email security landscape? Were there any new challenges you had to adapt to?
Since we were already providing a solution for companies that have a hybrid workforce, the pandemic helped clients understand how important this ability is. Our clients can protect their users on all the email services they use at once.
What is the most common type of phishing email, and why do so many solutions struggle with identifying it?
There is not one single type of phishing email as the attackers find new ways to mislead users every day and they are more sophisticated each time. Phishing emails will probably never be stopped but it’s possible to improve user awareness. Everyone should be aware of the consequences of visiting a phishing website and this can only be done through constant awareness training and phishing simulations.
Let’s say a malicious email did slip through the cracks. Could you give us a few tips on how to identify a phishing attempt?
If you receive a suspicious email, look for the following signs:
- Whether it requests login credentials, payment information, or sensitive data
- If there are any suspicious attachments
- Whether it offers something too good to be true or demands urgent action
If you notice any of these signs, you should be cautious about that email.
Besides email security solutions and employee training, what other security measures do you think modern companies should invest in?
Companies should invest in people more than anything else as 90% of the attacks are due to human error. We utilize a rising number of tools and services in our more complex and demanding work settings. Not to mention that we have usernames, passwords, and other information to remember. This all adds up, and when employees aren't given better, more secure options, they begin to take shortcuts to make their lives simpler. This needs to be avoided by investing more in people’s awareness.
Can you give us a sneak peek into some of your future plans for Keepnet Labs?
Keepnet Labs has released three patent-pending products that are already saving tons of time for SOC teams. We intend to keep growing and making our product even better.