Sorry to be like the department store that puts out the Christmas decorations before it's even Halloween, but the holiday season will be upon us before we know it.
And as is traditional this time of year, Proofpoint's live web seminar series takes on the perennial rise in spam, phishing attacks and other forms of email nastiness that occurs during the holidays.
Join us live on Wednesday, November 17th for "Holiday Threats: Why Fruitcake is the Least of Your Worries" as Proofpoint email security expert Steve Eddy discusses some of the latest spam, blended threat and malware distribution techniques and what you can do to protect your organization and email users.
Despite the whimsical title, the topic is very timely and serious. We always see spammers and scammers using the increased volume of valid commercial email during the holidays as a “cover” for their messages, making it easier to deceive people into responding to fraudulent email.
Learn about the latest spam tricks and techniques, the return of some of the "old school" attacks that are making a dangerous comeback, how proper inbound threat protection relates to PCI-DSS compliance and some of the best practices around user education, mail server configuration and gateway email protection that can help keep your organization safe.
Register at the link below. As always, if you can't make it to the live webinar, you'll still receive a link to the replay edition as soon as it's available:
Proofpoint exhibited recently at the 2010 Infosecurity Europe show, held in London, and as we did at the 2010 RSA conference, we conducted an electronic survey about email trends that 140 attendees (81% of them with IT, security or messaging titles and the balance with analyst/legal/compliance or non-IT titles) took the time to fill out.
Among the findings:
43% of respondents said they are "very concerned" about inadvertent leakage of private or personal information from their organizations via email. Fully half said they are "somewhat concerned" about this issue. Just 7% claim that they are "not concerned" about these sorts of data leaks.
That concern is well justified since nearly two-thirds (64%) of respondents said that their organizations are subject to data protection regulations that require certain types of email to be encrypted or handled with particular care, because they contain private or confidential email. Only 25% said their organizations were not subject to such data protection regulations.
In this short video, several attendees discuss the various regulations (such as the UK's Data Protection Act, PCI-DSS, etc.) that apply to their company's use of email:
The trend toward increasing the security around private data is something we've reported on quite frequently here in the blog and the growing awareness of data loss issues is reflected in some of our other survey findings. For example, 94% of respondents who have a corporate laptop said that it was password protected and more than half (58%) said that their corporate laptop used full disk encryption.
In addition, nearly half of respondents (49%) said their organization had already deployed an email encryption solution. Another 21% said that their organization intends to deploy an email encryption solution in the future.
On the topic of inbound email security, 40% of respondents said their organizations had been the target of a "spear phishing" attack in the past 12 months. That is, they were targeted by a phishing email designed specifically to compromise their own email users. (Our survey from RSA, where most respondents were US-based, found that nearly half of respondents believed their organizations had been the target of a spear phishing attack in the last 12 months.)
35% of respondents said that effectiveness and accuracy is the most important factor when selecting an email security solution, while 26% cited cost. 20% said that "ease of administration" was the most important factor. 8% cited available deployment method (e.g., SaaS vs. appliance) and 4% cited vendor brand/reputation as the most important decision factor when selecting an email security solution.
Survey respondents were also asked about their top email annoyances. It's probably no surprise that spam and phishing emails that get through the organization's spam filter were the top two annoyances (48% and 21%, respectively). But certain types of legitimate email were most annoying for some of our survey respondents:
17% find legitimate email newsletters/marketing emails that are sent too frequently their top email annoyance.
9% find legitimate emails from coworkers or business contacts "that I just don't have time to answer" as most annoying. (As I mentioned in my post on RSA survey findings, I still fall into this camp!)
Just 2% find social media notifications and other types of legitimate, but non-essential, emails as most annoying.
In the following video, attendees on the Infosecurity Europe show floor discuss their top email annoyances:
Ken's a great presenter and if you're at all concerned about email as it relates to compliance with data privacy regulations, you won't want to miss this online event. Here's the brief overview of what Ken will cover:
Email continues to be the number one source of data loss risks. If your organization handles data governed by regulations such as PCI, HIPAA or GLBA, you need to ensure that your email system can protect sensitive information from improper exposure, while also enabling secure communication with your customers, clients and business partners. Join this discussion to learn more about requirements for protecting sensitive data in email. You’ll learn how automatic, policy-based email encryption can provide effective protection for sensitive information in email and why it should be a central part of your approach to compliance.
To attend, please register by visiting the following URL and clicking the "Register for this event" link:
Our live web seminar series continues on March 24th, 2010 with an important topic that we haven't covered in a while, compliance with PCI (Payment Card Industry) data security standards. If your company handles credit cards and cardholder data, you should be aware of these requirements.
We'll discuss the critical role that email security plays in PCI-DSS compliance. You'll also hear real-world examples of how Proofpoint customers use integrated email encryption and data loss prevention technologies to tackle a wide variety of compliance challenges, securely transmit sensitive data via email and improve the levels of service and convenience they deliver to their customers.
Find more details and register by visiting the link below: