Information security is a core component of Exchange administration and oversight, yet it's taken for granted all too often. It's good to holistically view and manage security across the enterprise, but there's always room for improvement. It's critical to regularly look at the security of your Exchange messaging environment.
Regardless of your role in IT, the Verizon 2014 Data Breach Investigations Report (DBIR) can help you come up with a plan to improve how you oversee your Exchange messaging environment. One of the largest and longest-running studies of its kind, the DBIR is chock-full of information on why enterprise security matters. It also contains some good ammunition for getting management and others on board with security -- if that's your organization's barrier.
So what does the DBIR have to do with Exchange Server? A lot. While it's best to read the entire report, here are seven takeaways to help you find weak points in your messaging platform.
1. The top 10 threat actions for 2013 were related to passwords, phishing and malware. Do you have the right policies backed up by the appropriate technologies to help prevent attacks in these areas?
2. Most malware infections (81%) start with activity over the Web rather than with email, which was the preferred attack vector in previous years. Email accounted for only 9% of all malware infections, yet Web activity and email go hand in hand. What are you doing to correlate the events happening in your enterprise so you can minimize the effect of any one breach or area of the network that's impacted?
3. The preferred attack vector for cyber-espionage was email -- a whopping 80%, to be exact. Verizon measured phishing success rates at "only" 18%. You can't afford anything much over 0% for security's sake. How is your social engineering or phishing program shaping up?
4. Email misuse made up 11% of all threat actions in the "Insider Misuse" category of the report, but the top threat was privilege abuse (88%). Other notables were data mishandling and unapproved workarounds, all of which take place over email. How do your security strategies score in the areas of content filtering, data loss prevention and email system monitoring?
5. System administrators were noted to have abused their own email system by posing as other users. How are you protecting against that?
6. Desktop computers made up the majority of system assets affected by insider misuse, including data leakage via email. Do you have layered messaging defenses that go past your Exchange servers and extend to the desktop and beyond?
7. The most frequent method of data disclosure involved sending email messages to the wrong recipients. This is not a simple issue to prevent, but content filtering, email footer warning messages and a healthy dose of continual user education can go a long way. How are you addressing this problem?
One final thing worth noting is that business size doesn't matter when it comes to security breaches. Verizon found that criminal hackers and other security issues affect both large and small organizations across every imaginable industry. Use this information to erase the tired "We're not a target, nor do we have anything of value" argument from your enterprise's mentality.
About the author:
Kevin Beaver has worked for himself for more than 11 years as an information security consultant, expert witness and professional speaker at Atlanta-based Principle Logic LLC. He specializes in performing independent security assessments revolving around information risk management, and is the author and co-author of many books, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking for Dummies.