Patrick Peterson

CEO and founder, Agari

Author Bio ▼

Patrick Peterson is CEO and founder of Agari.com, a Silicon Valley innovator in email security. Agari provides global brands with the experience, tools, and analytics they need to eliminate email threats, protect customers and their personal data, and proactively guard brand reputation. Agari is backed by Alloy Ventures, First Round Capital, and Greylock Partners.
August 11, 2015

Sign up to free email newsletters

Download

Mobile access series #1: What you need to know

Wearables and the Growing Cyber Threat: How to Protect You and Your Business

Rarely a day goes by without a new wearable device bursting onto the market, offering exciting uses for hands-free workers wanting to enhance their communication efforts, improve their workflow or reducing decision time frames.

And just as the rise of end-user computing and bring-your-own-device trends disrupted the security practices f many enterprises, so too will wearables and the ‘Internet of Things’.

The enormous amount of data wearable technology amasses – from clocking travel patterns and location data to recording intensely personal health data – is of enormous value to today’s hackers. To get at this data malicious actors use socially-engineered cyber-attacks and sophisticated phishing campaigns designed to trick you into clicking their spoofed emails.

Think about it: if an email lands in your inbox from a brand you recognise and relates to something you’ve been looking at, then you’ll be more likely to open it – right?

Equally, smart watches or fitness trackers that clock your every step and report on how many calories you’re burning and then send you a daily email notification present a specific kind of risk. Because more devices you have pinging you, fighting for attention in your email inbox with notifications or updates, the more susceptible you are to clicking on a fraudulent or phished message and exposing highly personal or corporate data.

With today’s cybercriminals amplifying their use of email to spread malware and steal personal data, the threat posed by wearables must be addressed.

The infamous Target data breach, for example – where the payment data of 40 million customers was exposed to a malware attack on the POS system in almost 1,800 stores – clearly illustrates how cybercriminals are capitalising on email before, during and after attacks to steal credentials, infecting machines or getting enough information to continue the next step of their malicious campaign.

Fundamental flaw

Of course, email is ingrained into our everyday lives and is often a business’s primary communication tool. The unfortunate truth is that email was created with a fundamental flaw – anyone can send an email using someone else’s identity – and perpetrators of cybercrime are exploiting this.

Hackers use many tricks, but one of their favourites is to take advantage of design weaknesses in the internet’s basic architecture to send email from what appears a legitimate domain – usually a .com return address that appears identical to those used by reputable businesses.

Their success hinges on the fact that unsuspecting users will be unable to spot a poisoned email when, for all intents and purposes, a phished message with the right branding and style of messaging looks like the real deal.

While the probability of an attack changes depending on where the wearable device is being used – like financial or healthcare organisations – when it comes to data security, one can never be too careful.

The focus of any cyber attack is to compromise the user and steal the data, so to keep personal information secure and combat the security risks involved, best practice calls for enterprises to emulate BYOD solutions.

Solutions include limiting the number of employees that use their personal devices to access business information or setting policies that determine what data the wearable device is authorised to access (and retain) from the corporate network.

Equally, automating log-off functions and assigning access based on rules further ensure employees can access only the information they legitimately need in order to get their job done. This is especially important for organisations responsible for handling personally identifiable or sensitive data (like healthcare records), or complying with regulatory standards.

Proactive approach

However, to combat the onset of an email-spawned cyber-attack, and eliminate the risk of human error or misadventure, a proactive approach is essential.

Ownership for defending customers from cyber-attacks stays with the enterprise, as, ultimately, that is where the accountability lies.  Businesses who secure the email channel appropriately not only have greater consumer trust, but also fewer fraud losses, less operational overhead and a significantly reduced chance of hitting headline news for all the wrong reasons.

Adhering to email technology standards like DMARC, which give complete visibility into who is sending email on a business’s behalf, is key.

What’s more, technologies like DMARC give companies the ability to control what happens when a fraudulent email is sent and allows companies to prevent malicious mail from ever reaching a consumer’s inbox. Indeed, many companies are surprised to learn exactly how many domains and sub-domains within their organisation and their authorised third party senders are delivering customer messages.

By taking a preventative approach to email security in the context of wearables, businesses will be able to remove the risk of an infected email even reaching a recipient. In doing so, businesses can not only play a real role in breaking the vicious cycle of data breaches we are caught up in and stop malware attacks across the internet, but also ensure the promise of wearables and the IoT is realised.

How Safe is Your Business? Take the Cyber Security Assessment

Free Download: Cybersecurity and physical security systems: how to implement best practices

If you are involved in the operation or maintenance of physical security systems, this resource from Vanderbilt will help you choose the right equipment for staying diligent. It provides a five step process for strengthening the resilience of those systems against cyber-attack, as well as explaining what cyber-attacks mean in an interconnected world.

Discover the five step process now by clicking here.

Related Topics

Leave a Reply

avatar
  Subscribe  
Notify of

Sign up to free email newsletters