Written by Geir Inge Jensen, CISO | 19 January 2021
Email is still the workhorse communication channel for modern businesses, and shipping is no exception. For modern shipping companies, email is the primary platform for exchanging business-critical information between ship and shore.
94% of detected malware was delivered via malicious email attachments
Email phishing is the number one type of threat action in breaches
45% of malware was delivered by email attachments containing common Microsoft Office documents
These numbers tell us that your ships’ networks are one click away from being compromised.
How do you keep all email traffic to and from your ships protected from current email-borne threats and attacks? Training and awareness are essential, but they are not enough. You need a multilayered approach to email threat protection that includes scans by multiple antivirus engines, several anti-spam scoring mechanisms, and phishing checks based on comprehensive and up-to-date lists, to name a few of the tools that should be in place.
Basic email protection doesn’t cut it
Most email platforms today offer an email filtering mechanism. However, basic email filters do not have the complexity to stay ahead of modern-day threats such as the Emotet malware.
Unsolicited emails and phishing attempts are not going away. On the contrary, they are only going to increase in number and complexity. Thus, you cannot rely on ‘basic’ mitigation measures to ensure future emails do not represent a threat to your onboard cybersecurity.
What to look for in a multilayered email security system
To help you select the right email solution for your fleet, let’s look at six minimum requirements of an advanced maritime email security system.
1. Block spoofed domain names
You want an email security system that checks for emails from domains that do not exist, or for spoofed emails from valid domains.
Email spoofing is a form of cyber attack where email messages are created with a forged sender address, usually to fool the recipient into providing money or sensitive information. A typical scenario is when an attacker sends an email pretending to be the CEO of a company to get an employee in accounting or finance to pay an invoice or authorise wire transfers.
In an advanced email security system, legitimate emails are authenticated against SPF (Sender Policy Framework) records and the DKIM (DomainKeys Identified Mail) standard. The system can block emails that appear to come from a domain covered by these records unless the authentication results align correctly with that domain.
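The alignment check described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product. It assumes the receiving gateway records its SPF and DKIM results in an `Authentication-Results` header, approximates alignment without a public-suffix list, and uses constructed messages with hypothetical domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def aligned(from_domain, auth_domain):
    """Approximate alignment: identical domains, or one a subdomain of the other."""
    if not from_domain or not auth_domain:
        return False
    return (from_domain == auth_domain
            or from_domain.endswith("." + auth_domain)
            or auth_domain.endswith("." + from_domain))

def check(raw_message):
    """Return (verdict, methods) for methods that passed AND align with From:."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only trust this header when your own gateway added it; strip inbound copies.
    results = msg.get("Authentication-Results", "")
    passed = []
    for method, prop in (("spf", r"smtp\.mailfrom"), ("dkim", r"header\.d")):
        pattern = rf"\b{method}=(\w+)[^;]*?{prop}=([^\s;]+)"
        for result, domain in re.findall(pattern, results):
            domain = domain.rpartition("@")[2].lower()
            if result == "pass" and aligned(from_domain, domain):
                passed.append(method)
    return ("accept" if passed else "reject"), passed

# Constructed samples (hypothetical domains and gateway name).
SPOOFED = (
    "Authentication-Results: mx.gateway.example;\n"
    " spf=pass smtp.mailfrom=bounce@bulk-sender.example;\n"
    " dkim=none\n"
    'From: "CEO" <ceo@shipping.example>\n'
    "Subject: Urgent invoice\n\nPlease pay today.\n"
)
LEGIT = (
    "Authentication-Results: mx.gateway.example;\n"
    " spf=pass smtp.mailfrom=bounce@mail.shipping.example;\n"
    " dkim=pass header.d=shipping.example\n"
    'From: "Operations" <ops@shipping.example>\n'
    "Subject: Noon report\n\nAttached.\n"
)

if __name__ == "__main__":
    print(check(SPOOFED))  # SPF passed, but for a domain unrelated to From:
    print(check(LEGIT))
```

The first sample shows why a bare SPF pass is not enough: the check succeeded for the envelope sender's own domain, which has nothing to do with the address the recipient sees.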
2. Block phishing attempts
Phishing is a type of cyber attack that attempts to trick the email recipient into believing that the message is something they want or need – a request from their bank, for instance, or a note from someone in their company – and to click a link or download an attachment.
One of the most common threats to businesses today, both onshore and offshore, phishing leads to credential theft, unauthorised access to sensitive systems, and sensitive data breaches.
A maritime-optimised email security system needs to provide the following features:
Link analysis (does the link point to what is expressed in the email?)
Is the sender included in the safe sender lists?
Cloud reputation of content lookup
Analysis of content
3. Block malware by using multiple virus scanners
To keep your vessels safe from all the advanced threats emerging almost daily, the email security system that you choose must offer multi-layered protection, using multiple scanners.
Combining multiple anti-malware engines, where each scanner specialises in different virus categories, ensures continuously updated scanners and optimal malware detection rates.
Malicious email attachments represent a common threat. Cyber attackers attach files to an email that can install malware capable of accessing computers and network systems, potentially destroying or stealing business-critical data. Such attachments are typically sent along with email content that is sufficiently convincing to fool the recipient.
Your email security system should be able to:
Identify macros and executables
Verify whether the filename corresponds with the actual file type
Check even compressed files and archives
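The three checks in this list can be combined in one recursive inspection routine. This is an added example, not code from the original article or from any product. The magic-byte table is a small illustrative subset, the size and depth limits are assumptions, and the sample archive is constructed in memory with stub content.

```python
import io
import posixpath
import zipfile

# Leading magic bytes -> extensions that legitimately carry that content.
MAGIC = {
    b"MZ": {".exe", ".dll", ".scr"}, b"%PDF": {".pdf"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".docm", ".xlsm"},
}
MAX_MEMBER = 10 * 1024 * 1024  # skip members whose declared size exceeds this

def inspect(name, data, depth=0):
    """Return findings for one attachment, recursing into ZIP containers."""
    findings = []
    ext = posixpath.splitext(name)[1].lower()
    for magic, allowed in MAGIC.items():
        if data.startswith(magic):
            if magic == b"MZ":
                findings.append(f"{name}: executable")
            if ext not in allowed:
                findings.append(f"{name}: content does not match extension")
            break
    if not data.startswith(b"PK\x03\x04"):
        return findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [f"{name}: unreadable archive"]
    for member in archive.infolist():
        inner = f"{name}/{member.filename}"
        if member.filename.endswith("vbaProject.bin"):
            findings.append(f"{name}: macros")  # Office documents are ZIP containers
        elif member.flag_bits & 0x1 or member.file_size > MAX_MEMBER or depth >= 3:
            findings.append(f"{inner}: not scanned (encrypted, too large or too deep)")
        elif not member.is_dir():
            findings += inspect(inner, archive.read(member), depth + 1)
    return findings

def make_zip(members):  # sample builder: {filename: bytes} -> ZIP bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for filename, content in members.items():
            z.writestr(filename, content)
    return buf.getvalue()

# Constructed sample: a disguised executable and a macro document in one archive.
DOC = make_zip({"word/document.xml": b"<w:document/>", "word/vbaProject.bin": b"stub"})
SAMPLE = make_zip({"invoice.pdf": b"MZ constructed stub", "manifest.docx": DOC})
if __name__ == "__main__":
    print("\n".join(inspect("documents.zip", SAMPLE)))
```

Members that cannot be opened are reported rather than silently passed, so a gateway can quarantine them until they are proven safe.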
5. Detect and block spam
Although email spam is more nuisance than menace, it needs to be detected and blocked. Links in spam emails may lead users to websites with malware and phishing schemes, which can access and disrupt the receiver’s computer system. Also, on satellite networks, the sheer data volume of spam translates to unnecessary bandwidth consumption and, therefore, might represent a substantial cost.
An effective spam filtering email system must provide the following capabilities:
Comprehensive content analysis
Cloud reputation lookups
Machine learning (reputation of the sender)
Email spam score, blocking high scores
6. Link click protection
Any advanced email security system should offer link click protection.
Link click protection prevents users from opening malicious links, by checking each link against URL reputation databases. If the link is unsafe, users are alerted immediately. Attachments are quarantined until proven safe, preventing viruses and malware from disrupting your vessels’ networks.
The only way to effectively secure email traffic across your fleet is to implement advanced email protection.
Geir Inge Jensen is the Chief Information Security Officer at Dualog. Adding over 20 years of experience in network design and cybersecurity, Geir Inge is passionate about developing solutions and services that help shipping companies create a more cyber-resilient environment onboard their vessels. When he is not fighting maritime cybercrime, you can find him in the mountains enjoying the great outdoors with his camera in hand.