Research indicates that nearly two-thirds of organisations in the UK were the victim of malware attacks in 2009. Whereas previously emails sent en masse were the preferred mechanism for delivering malicious payloads, the use of email security solutions and greater awareness of the dangers of emails and their attachments are making such attacks less successful. Instead, attacks are becoming increasingly targeted at specific organisations or individuals, and are making use of blended mechanisms for a greater chance that the exploit will be successful. For example, an email may contain a hyperlink to a malicious website, or content downloaded from a website may infect others when a user sends it to a contact.
The majority of organisations have implemented some form of security controls for emails, even if this is just basic anti-virus technology, based on signatures of known exploits. However, less attention has been paid to controlling threats emanating from websites and webbased applications, which are where the current generation of threats are coming from. As organisations look to upgrade their email protection to gain better protection and to take advantage of emerging capabilities such as email archiving, they would be well advised to look for a technology provider that can combine email protection with web security controls.
This document is the first in a series of three papers that looks at the realities of email and web security today. The other papers discuss how on-demand, cloud-based services are evolving, what the ideal service should offer and the benefits that organisations will gain from using such services for email and web security combined.