Do email and messaging security still matter, against the current background of social networks, consumerisation, mobile and bring-your-own-device? The answer, according to a recent report from two industry groups, is a resounding yes. However, given this rapidly changing technology landscape, the way that it matters has changed – so our behaviour needs to change accordingly, both at an individual and an organisational level.
The cross-vendor Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) collaborated with anti-spam organisation the London Action Plan (LAP), to produce the report. Among the contributors was our very own Eric Chien, Technical Director of the Symantec Security Technology and Response team.
Nobody could fault its comprehensiveness - it's 46 pages long, and goes into great detail about the background to current threats, with examples. So what's the take-away? The top level conclusion is aimed at the international community, which “needs to step further into the Internet ecosystem and collaboratively develop multi-faceted and multi-lateral approaches," says the report.
More usefully for consumers and employees, it also provides best practice guidance, in jargon-free, easily digestible terms. This covers four areas of threat:
- malware and botnets - generally, but not exclusively applicable to desktop and laptop computers
- phishing and social engineering - concerning email and social networks
- domain name exploits - more (but again, not exclusively) relevant to system and network administrators
- mobile threats - exploring how the broadening range of devices is creating new threats
The report may not be on everyone's reading list (though maybe it should be); meanwhile, it offers an excellent source for security professionals and those responsible for pulling together best practices and acceptable use policies for organisations. In a world where everything seems to be more and more complex, it provides a welcome level of clarity for all parties. Recommended.
You can find more insights from Symantec’s Security Technology and Response team here: Symantec Security Technology and Response