FB Pixel no scriptDecoding Email Security: An Inside Look with Mimecast's Garrett O’Hara | KrASIA

Decoding Email Security: An Inside Look with Mimecast’s Garrett O’Hara

Written by Gideon Ng Published on   5 mins read

Mimecast combines a defense-in-depth approach with machine learning to effectively safeguard users from constantly evolving cybersecurity threats.

Email has become an integral part of our lives, with a projected volume of 392.5 billion emails sent per day by 2026. However, some of them can be malicious in nature and have cost organizations billions of dollars in data breaches and reputational harm.

Since 2003, Mimecast has been at the forefront of combatting cybersecurity threats by providing advanced solutions for email and collaboration resilience to companies. With its experience and expertise, Mimecast has established itself as a prominent global leader in cybersecurity, serving over 40,000 customers across more than 100 countries.

KrASIA recently spoke with Garrett O’Hara, Director of Solutions Engineering APAC at Mimecast, to learn more about how email poses significant threats to an organization and what additional measures can be taken to enhance security.

The following interview has been edited and consolidated for brevity and clarity.

KrASIA (Kr): In your opinion, why do email-related threats pose the greatest risk compared to other threats?

Garrett O’Hara (GO): Email is a major vulnerability in cybersecurity, serving as a primary starting point for many attacks. It is a direct pathway for attackers to exploit organizations by targeting individuals through social engineering, phishing attacks, ransomware, or data exfiltration attempts.

The usage of email has increased, especially with remote work, making it an attractive target. In Singapore, for example, there has been an 84% increase in email usage in companies, according to reports on the state of email security. Reports also indicate a significant rise in email-based attacks, with 99% of organizations in Singapore having experienced such attacks.

Companies like ours work to block these attacks and render malicious emails harmless by scanning emails and preventing access to malicious websites or attachments. Safeguarding collaboration tools like Microsoft Teams and Slack has become a growing concern for the future, as attackers can exploit vulnerabilities by sending URLs or attachments through these channels.

Kr: How does Mimecast’s cybersecurity framework differ from other security providers?

GO: We have extensive expertise and a global presence in server security. Our platform’s true hyperscale architecture, which we pioneered before major cloud providers like Azure and AWS, demonstrates our commitment to innovation.

By integrating multiple technologies, including proprietary and external engines, we enhance the safety of our customers’ emails. Our cloud-native platform is API-driven, allowing seamless integration with other security platforms like Netskope or Microsoft, facilitating the exchange of intelligence.

As attacks evolve, we continually adapt our core platform and technologies to protect organizations effectively. In addition to being a global leader in email protection, we have expanded into areas such as brand protection and proactive threat detection on the web. Through techniques like monitoring for cousin domains and typosquatting (when a hacker registers a domain with a deliberately misspelled word of a well-known website), we mitigate potential threats in advance.

What sets us apart is our unique approach to awareness training, which employs engaging content inspired by platforms like Netflix and the advertising industry. We prioritize effective communication with end users, ensuring they pay attention and develop improved cybersecurity behaviors within their organizations.

Email remains a prime target for attacks, and we are dedicated to ongoing innovation and protecting our customers now and in the future.

Kr: Your website mentions that your products are AI-powered. How does this work, and when will they come into play?

GO: We recognize the fast-paced nature of cyberattacks and the need to adopt new strategies for customer protection. Mimecast has been utilizing machine learning (ML) and artificial intelligence (AI) for an extended period, even before their recent popularity, and they are particularly effective in analyzing large data sets with identifiable patterns.

ML algorithms are valuable in analyzing URLs within emails, allowing us to detect and block malicious links based on pattern recognition. ML also helps in website scanning, identifying potential dangers and brand jacking through computer vision tasks that analyze logos on web pages.

In combating business email compromise and social engineering attacks, ML plays a crucial role. By training models on extensive datasets of known good and bad emails, we can precisely identify dangerous emails and block them outright or display contextual banner images to recipients, highlighting potential anomalies.

Many attackers are also leveraging AI and ML, so security organizations have a pressing need to employ these technologies and defend against malicious attacks.

Kr: Can you share some examples of how Mimecast has helped organizations create a defense-in-depth model?

GO: The defense-in-depth model involves layering different technologies and platforms to ensure comprehensive protection against cyber threats. Mimecast, as a single vendor, covers various aspects of defense-in-depth and offers features like brand exploit protection to remove malicious domains and a DMARC Analyzer tool to detect spoofing attacks.

Additionally, our awareness training solution educates end users on making secure choices. Many prominent organizations worldwide, including Royal Cosun and Centrax, choose Mimecast to enhance their comprehensive security strategies across different areas such as gateway security, targeted threat protection, and business email compromise protection.

Kr: Are there any recent high-profile security risk cases that our readers can learn from? What is your opinion on them and how could they have been avoided?

GO: Openness and information sharing within the cybersecurity industry are crucial for collective defense against cyber threats. Toyota was the subject of the most recent incident, where a cloud misconfiguration led to the vehicle data of 2.15 million users in Japan being publicly available for almost a decade. Mistakes can occur, and it’s important to learn from these incidents and improve cybersecurity practices without blaming individuals or organizations.

Human error plays a significant role in these breaches, as seen in the email phishing attack on Uber. Hence, organizations must focus on the human element of cybersecurity, with every employee prioritizing vigilance and caution.

Regular penetration testing by third-party teams can uncover vulnerabilities that internal teams may miss, further strengthening defenses. The AirAsia data leak highlights the value of investing in robust security measures, considering the potential impact on brand reputation and financial losses. Breaches at Singtel and Optus emphasized the importance of securing APIs and platform access, leading organizations to prioritize the security of API endpoints.

Openness, collaboration, human awareness, policy implementation, and robust security measures are key to strengthening cybersecurity and protecting against evolving threats.

Kr: The Behind the SCREENS report was published by Mimecast this year, where it shed light on the current perceptions of cyber risk by the C-suite in various organizations. One of its key findings was that not all board members understand the importance of cybersecurity. What are some methods that Chief Information Security Officers (CISOs) can use to communicate this importance to their board members?

GO: Board members are increasingly recognizing the importance of cybersecurity due to high-profile incidents affecting well-known brands. However, there are challenges in effectively communicating cybersecurity matters to the board.

More experienced CISOs are adopting business-oriented language, relating cybersecurity to financial values and risk, to help board members understand the impact on the business. Aligning cyber risk with overall business risk and integrating cybersecurity into broader business objectives is crucial.

While some CISOs believe a breach is the best way to secure budget approval for a cybersecurity program, experienced CISOs develop proactive strategic plans aligned with business outcomes. Understanding the organization’s risk profile and aligning spending with risk levels are important considerations.

Clear Key Performance Indicators (KPIs) and measurable objectives should be established and regularly reported to the board. Phishing attacks are a key concern for board members, and building a security culture from the top down is essential. Simulations — such as tabletop exercises involving various teams — help prepare the entire team for breach scenarios and emphasize the importance of cybersecurity programs.


Auto loading next article...