Why Relay-based Email Security Beats SEGs in Healthcare IT Settings

The following is a guest article by Rom Hendler, CEO and Co-Founder at Trustifi.

In the heyday of on-premises email systems, secure email gateways (SEGs) were the leading method for protecting a company's data and users from email-borne attacks. Cyber security became paramount for practitioners once HIPAA regulations came into force, especially for email, since PHI (protected health information) and electronic records were suddenly being stored online and transmitted across the internet every day. A traditional SEG sits inline in front of the mail server, at the MX record, and screens incoming mail primarily on sender reputation: messages from known-bad IP addresses and domains are dropped at the perimeter.

Although much has changed since these technologies appeared and email has moved into cloud environments, SEGs are still the traditional method of email security. Yet attackers have developed new methods that take advantage of cloud mail and circumvent SEGs, so that far more than medical information is at risk on the typical email server. Sophisticated phishing attacks now impersonate senior personnel to request access to information, or instruct trusted colleagues to make wire transfers. To combat these threats, the market has recently seen "next gen" security solutions that use the mail platform's APIs (those of Microsoft Exchange and Microsoft 365, for example) to connect the mailbox to the security software directly, rather than interposing a gateway at the perimeter. Also known as relay-based security, these solutions address the weaknesses of SEGs in cloud-based infrastructures.

SEGs lack agility

Phishing has become a common way for attackers to reach a healthcare organization's email data. Through what are known as "social engineering" attacks, criminals trick recipients into giving up their log-in credentials, then use those stolen credentials to sign in to the user's account and send messages to further victims. Because these messages originate from a legitimate internal account, they never cross the perimeter that a SEG watches: SEGs are designed to block inbound messages from addresses and IPs on reputation blocklists, and a message from a trusted inside address passes those checks. Against that internal traffic the gateway offers no protection.

A typical attack begins with the attackers researching an organization's C-level executives and their associates. Where they can intercept unencrypted communications, they use them to determine the role and authority of the targeted user, such as a CEO or senior finance officer. Once they have breached that executive's account, they send a message to a trusted colleague in the organization asking for something such as a wire transfer of company money to an account the criminals control, or credentials that give access to confidential data. The trusted employee complies, and the whole scam often happens so quickly that the victims have no chance to cross-check the request before the damage is done.

AI and OCR to the Rescue

To defeat these social-engineering attacks, "next gen" solutions use artificial intelligence (AI) and optical character recognition (OCR) filters to scan every email, internal and external, before it reaches the recipient's inbox. AI-driven classifiers look for key terms such as "wire transfer", "password", and "bank account", then weigh the context of the message (who appears to be sending it, where a reply would go, how urgent or secretive the language is) to judge whether it is likely to be fraudulent. OCR engines read logos, images, and the contents of attachments for signs of tampering or forgery and for trigger words that could indicate a HIPAA violation, compromised PHI, or loss of funds. The security system can then block or quarantine suspicious emails, warn the sender, and flag the messages as potential risks to the recipients.
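One way the "key term plus context" scoring described above can work in practice, as an added example that is not Trustifi's code or any product's: it parses three constructed messages with Python's standard email library and scores each on trigger terms, display-name impersonation of a known executive, a Reply-To that points off the sender's domain, urgency and secrecy language. The organisation domain, the executive directory, the weights and the thresholds are assumptions; OCR of images and attachments is outside what this example does. The third sample is the case the article is about: the executive's real, compromised mailbox, which no reputation check would catch, but whose content still scores high enough to be flagged.

```python
"""Contextual scoring of mail for business-email-compromise (BEC) signals.

Added example, not code from the article or from Trustifi. Everything
below the imports (domain, directory, weights, thresholds, samples) is
a constructed assumption for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example-health.org"                             # assumed internal domain
EXECUTIVES = {"dana reyes": "dana.reyes@example-health.org"}  # assumed directory (lowercased names)

# Trigger terms and their weights; a term alone should not be enough to quarantine.
TRIGGERS = {"wire transfer": 2, "bank account": 2, "routing number": 2,
            "password": 2, "gift card": 2}
URGENCY = re.compile(r"\b(urgent|asap|immediately|right away|"
                     r"before (end|close) of (the )?(day|business))\b", re.I)
SECRECY = re.compile(r"\b(confidential|keep this between|do not (discuss|mention|tell))\b", re.I)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw: str) -> dict:
    """Return {"score", "verdict", "reasons"} for one RFC 822 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    score, reasons = 0, []

    name, addr = parseaddr(str(msg.get("From", "")))
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()

    # 1. Trigger terms in subject or body.
    for term, weight in TRIGGERS.items():
        if term in text:
            score += weight
            reasons.append(f"trigger term: {term}")

    # 2. Display name matches an executive, but the address is not that executive's.
    expected = EXECUTIVES.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        score += 4
        reasons.append(f"display name impersonates {expected} from {addr}")

    # 3. Reply-To sends the answer somewhere other than the sender's domain.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, raddr = parseaddr(str(reply_to))
        if _domain(raddr) != _domain(addr):
            score += 3
            reasons.append(f"Reply-To domain {_domain(raddr)} differs from From domain {_domain(addr)}")

    # 4. Pressure language typical of BEC.
    if URGENCY.search(text):
        score += 1
        reasons.append("urgency language")
    if SECRECY.search(text):
        score += 1
        reasons.append("secrecy language")

    verdict = "quarantine" if score >= 6 else "flag" if score >= 4 else "deliver"
    return {"score": score, "verdict": verdict, "reasons": reasons}


# Constructed samples (not real mail).
BEC_SAMPLE = """\
From: Dana Reyes <dana.reyes.ceo@gmail.com>
To: finance@example-health.org
Reply-To: dana.reyes.ceo@outlook.com
Subject: Urgent wire transfer

Are you at your desk? I need a wire transfer sent before end of day.
Keep this between us for now, it's confidential.
"""

VENDOR_SAMPLE = """\
From: Accounts Payable <ap@example-health.org>
To: finance@example-health.org
Subject: Vendor payment confirmation

The wire transfer to MedSupply cleared this morning; the invoice is filed.
"""

# The executive's genuine mailbox, used by an attacker who holds the credentials.
COMPROMISED_SAMPLE = """\
From: Dana Reyes <dana.reyes@example-health.org>
To: finance@example-health.org
Subject: Quick favour

I need you to send a wire transfer to a new vendor immediately.
Please keep this between us until the deal is announced.
"""

if __name__ == "__main__":
    for label, sample in (("BEC", BEC_SAMPLE), ("vendor", VENDOR_SAMPLE), ("compromised", COMPROMISED_SAMPLE)):
        print(label, score_message(sample))
```

The vendor confirmation contains the same trigger term as the attack but nothing else, so it is delivered; the message from the compromised real account has no header anomalies at all and is caught only by its content, which is exactly the gap a perimeter gateway leaves open.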

Additional features of relay-based security solutions

Besides AI and OCR capabilities, critical features of an effective cloud email security solution include:

  • Encryption – All outbound emails should be encrypted to protect them against compromise. Criminals cannot build a convincing social-engineering attack from traffic they cannot read and analyze. The solution is better still if it also encrypts inbound email. Note the limit of this control: message encryption keeps outsiders from reading mail in transit and at rest, but it does nothing once an attacker holds a user's own credentials, because the attacker then reads the mailbox as that user; that is why encryption is paired with the content scanning described above. Ease of use is critical here: encryption is highly effective in reducing attacks on both senders and receivers, but only if it is simple to use. Unless the encryption process is automatic and seamless for both originator and recipient, it will not be fully adopted, and the organization's unencrypted emails will be loose in the wild for attackers to intercept.
  • Automated Security Compliance – Sensitive information often leaks through email because the user has to decide whether a message contains sensitive information and then manually apply the appropriate protection. HIPAA, PCI, and even GDPR data protection regulations are complex enough to confuse even the most diligent healthcare employee, and users with the best of intentions may still fail to recognize that an email they just wrote falls under a regulatory requirement. A solution with one-click compliance lets healthcare IT administrators configure the system to classify outbound messages and encrypt them automatically according to HIPAA guidelines (and a host of other regulations), taking that decision out of the hands of users.
  • Simple Administration – Simplicity of operation matters not only to end users but also to the IT administration and maintenance staff. An effective solution requires only minimal expertise and hands-on intervention from system administrators: enabling automated compliance and company-wide encryption should be a single setting, not a project.
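What "automatic encryption according to guidelines" amounts to in code, as an added example that is not Trustifi's code or any product's: a small policy engine that classifies an outbound message against HIPAA-style identifiers (SSN, medical record number, date of birth) and a PCI-style card number check, then returns whether the message must be encrypted, so the sender never has to make that call. The domain, the rule patterns and the three sample messages are constructed assumptions, and a real deployment would tune the patterns to the organisation's own identifier formats. The card check applies the Luhn checksum so that an arbitrary 16-digit tracking number does not trip PCI handling. The decision is the policy step; the encryption itself (S/MIME, a secure portal, or whatever the product provides) is left to the mail platform.

```python
"""Outbound-mail classification for automatic, policy-driven encryption.

Added example, not code from the article or from Trustifi. The domain,
rule patterns and sample messages are constructed assumptions.
"""
import re
from email import message_from_string, policy
from email.utils import getaddresses

ORG_DOMAIN = "example-health.org"  # assumed internal domain

# Regulation -> labelled patterns. Any hit means the message is regulated content.
RULES = {
    "HIPAA": {
        "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
        "mrn": re.compile(r"\b(?:MRN|medical record (?:number|no\.?))\s*[:#]?\s*\d{6,10}\b", re.I),
        "dob": re.compile(r"\b(?:DOB|date of birth)\s*[:#]?\s*\d{1,2}/\d{1,2}/\d{2,4}\b", re.I),
    },
}
# 13-19 digits, optionally separated by spaces or hyphens; validated with Luhn below.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _external_recipients(msg) -> list:
    addrs = getaddresses([str(msg.get("To", "")), str(msg.get("Cc", ""))])
    return [a for _, a in addrs if a and a.rsplit("@", 1)[-1].lower() != ORG_DOMAIN]


def classify_outbound(raw: str, encrypt_all_external: bool = False) -> dict:
    """Decide whether an outbound message must be encrypted, and why.

    encrypt_all_external=True models an "encrypt everything leaving the
    organisation" policy on top of the content rules.
    """
    msg = message_from_string(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{body_part.get_content() if body_part else ''}"

    hits = {}
    for regulation, patterns in RULES.items():
        for label, pattern in patterns.items():
            if pattern.search(text):
                hits.setdefault(regulation, []).append(label)

    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.setdefault("PCI", []).append("pan")
            break

    external = _external_recipients(msg)
    action = "encrypt" if hits or (encrypt_all_external and external) else "send"
    return {"action": action, "regulations": hits, "external_recipients": external}


# Constructed samples (not real mail, not real patients).
PHI_SAMPLE = """\
From: referrals@example-health.org
To: intake@partner-clinic.example
Subject: Cardiology referral

Patient J. Doe, MRN 00482913, DOB 04/12/1961, referred for a cardiology consult.
"""

PCI_SAMPLE = """\
From: billing@example-health.org
To: frontdesk@example-health.org
Subject: Copay card on file

Card on file for the copay: 4111 1111 1111 1111, exp 09/27.
"""

PLAIN_SAMPLE = """\
From: facilities@example-health.org
To: dispatch@shipping-vendor.example
Subject: Supply order

Our supply order shipped; the tracking number is 1234567890123456.
"""

if __name__ == "__main__":
    for label, sample in (("PHI", PHI_SAMPLE), ("PCI", PCI_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, classify_outbound(sample))
    print("plain, encrypt-all-external:", classify_outbound(PLAIN_SAMPLE, encrypt_all_external=True))
```

The referral is encrypted because of its record number and date of birth even though the sender never thought about HIPAA; the copay note is encrypted under PCI even though it stays inside the organisation; the shipping note, whose tracking number fails the Luhn check, goes out in the clear unless the administrator has chosen the encrypt-all-external policy.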

Final Thoughts

Cyber criminals are a resourceful breed. Security providers must be even more resourceful to stay ahead of them, especially in vital, sensitive, and heavily regulated markets like healthcare. A cloud-deployed, relay-based, centrally managed security solution can keep a healthcare entity's email defenses up to date with little effort from the organization's IT security team. Next-gen, multi-layered cloud email security offers strong protection for the mission-critical email systems of healthcare companies and practitioners, and in turn for patient data.
