The Doyle Report: Email Threats Are Still Your Customers’ Worst Nightmare
COMPTIA CHANNELCON — If you’re looking to help your end customers protect their data, apps and networks, don’t overlook their email boxes. They’re still the epicenter of an estimated three-quarters of all successful cyberattacks.
So says Neal Bradbury, vice president of channel development at Barracuda Networks Inc.
Here at ChannelCon 2018, I had an opportunity to connect with Bradbury, who sold Intronis, the data-protection company he founded, to Barracuda almost three years ago. Since then, he has worked diligently to build support for Barracuda MSP, which is now sold by roughly 3,000 partners worldwide.
In the last year, the company has invested heavily in email security, which is one of the fastest growing parts of the Barracuda’s business. Last week, for example, the company announced that sales bookings of Barracuda Essentials, the company’s all-in-one email security, backup and archiving service, grew 232 percent year-over-year in the first quarter of fiscal 2019. What’s more, email security product bookings in the quarter grew 36 percent. That will likely give the company a $100 million annual run rate in email security.
Why is this so important?
Because email is still the epicenter of most cyber mishaps, says Bradbury.
“If you look at any small business, email is still the biggest threat factor that partners need to cover,” says Bradbury. “Just like we say, ‘Do layers in security,’ we are doing layers in email.”
How so? First the company’s technology goes after malicious attachments. Then it tries to address continuity and compliance.
When it comes to new threats, Bradbury says one of the biggest trends of late is business-account compromise. This is when an executive’s email account gets compromised without anyone’s knowledge. (In a recent interview with Jay Parisi, partner and senior technical officer at Aegis Technology Partners, a 2018 MSP 501 company, Parisi explains the lengths that some criminals will go to hijack the email account of an executive at a prominent end customer.)
“Hackers are getting into a CEO’s or CFO’s box and not doing anything immediately; instead, they gain access, compromise and then watch,” says Bradbury. They might watch for six months to learn the rhythm, language and even the look of emails. When sufficiently armed with inside information, they strike — often with devastating results.
Barracuda Sentinel was created to prevent this very issue. It works with Office 365. More than a gateway solution that simply watches activity going in and out, it’s actually an API-based solution that can detect rogue activity based on aberrant behavior.
To bolster its technological capabilities, Barracuda acquired PhishLine, a leading SaaS platform for social engineering simulation and training, in January. The platform helps train end users and help prevent them from clicking on things they should not. This is critically important, Bradbury says, for small businesses, which typically have the least sophisticated best practices when it comes to email security.
“If you shut down a country, a language or set of characters for a small business, you might be unwittingly blocking them from conducting their business. Today’s current state of affairs and technology, whether it be ours or Mimecast’s, Proofpoint’s, etc., presents an opportunity for MSPs to have a dialogue with their customers. We have recommendations, but MSPs have an opportunity and responsibility to more deeply engage their customers,” Bradbury says.