Once considered a dirty word, no one today would doubt the importance of security. A decade ago, the world had a shock when the ILOVEYOU worm was unleashed by email, infecting an estimated 10% of computers worldwide. As such exploits became more common, organisations looked to implement controls for achieving email security and now the vast majority of organisations have such controls in place, at least in the form of anti-virus if not other protections.

Today, however, those controls are not sufficient. With hackers increasingly sophisticated and motivated by financial gain, it is harder to defend against them. The web is now the preferred vector of attack, generally in combination with another vector, such as email.

According to the Anti-Phishing Working Group, 95% of attacks rely on HTML, the predominant markup language for webpages, as a delivery mechanism. However, while more than 99% of organisations use anti-virus applications, just 60% are using web or URL filtering technologies to protect themselves against malware picked up on websites.

For any organisation, a web presence is vital as is email as a communications tool. To shield themselves from brand or reputation damage resulting from those systems being attacked, which could lead to sensitive information being stolen, organisations need to beef up their controls. But, as vital as those systems are, many organisations find that implementing the controls in-house and ensuring that the protection offered by the controls are constantly up to date regarding the latest threats is a daunting task. Organisations need to assess the risks that they face to ensure that the investments that they make in security suit the needs of their particular organisation.
For many organisations, from small, resource-strapped firms to large, geographically dispersed multinationals, a better option than implementing email and web security controls in-house may be to outsource the services to a cloud-based service provider.

Bloor Research has recently published a paper that discusses the availability of such services, the benefits that their use brings and the capabilities that the service provider must offer, including the provision of global threat intelligence services to identify new threats that have not been seen before in order to develop countermeasures that can be pushed to all customers. The paper is free to download here: Next generation email and web security.