In the world of cyber-crime today, the most common type of attack by far is email phishing. Cyber-criminals send out emails that appear to be from trusted organizations, urging them to take a specific action - usually either opening an attachment or clicking a link. In doing either of these, you unknowingly trigger the installation of malware on your computer without even knowing. Once on your computer, the malware quietly goes to work to carry out whatever nefarious actions its creators desired.
Your People Are The Problem
So why do cyber-criminals use email so much? Because it works! They know that today's office workers are super-busy and overloaded. To make it worse, they're also distracted by phones ringing, emails dinging, texts pinging, social media, and all the other facets of modern life. So when a new email arrives in their inbox they only bother give it a cursory glance. If it looks legitimate, they either try to open the attachment or click the link. We see this happen day in and day out across our client base, regardless of age or level of tech-savviness.
Now, let's take a closer look at the two attack vectors mentioned above, and how Microsoft's Office 365 Advanced Threat Protection deals with each of them:
Email Attachments
Most anti-spam systems work by analyzing the language of the message and ts origin, and scans attachments using outdated signature-based anti-virus technology. And this is where it fails, because today's cyber-criminals use malware so new that it's unknown to those anti-virus systems, and thus passes right through undetected.
Microsoft Office 365's Advanced Threat Protection (ATP) add-on combats zero-day attacks by actually testing the behaviour of the attachments inside a "detonation chamber" in a sandbox environment. And where a traditional signature-based solution would miss newer malware, this method is able to effectively detect most zero-day attacks that would otherwise pass right through and into your organization's network.
Email Links
The second most common email attack we see is email links that look legitimate but actually go to rogue websites. Clicking the link takes you the rogue website, where scripts use software vulnerabilities to silently install malware onto your computer. A rogue website can be either one specifically created for this purpose, or a compromised legitimate website used to distribute malware.
Microsoft Office 365 Advanced Threat Protection (ATP) combats this threat by scanning the link's destination website for malware or other suspicious behaviour. If anything fishy is found, the link is rewritten to go to a warning page instead, letting the user know that the link was blocked and why.
Real-Time Protection
Most cyber-security measures aren't effective if they require users to be actively involved. They can even be actively resented if they slow down peoples' work or cause them aggravation. Advanced Threat Protection (ATP) is 100% seamless to the end user. All the heavy lifting done in the Microsoft Cloud before an email is even delivered to the user's inbox. Only if an attachment is detected as malware and removed, or a link detected as rogue and redirected, would the user even know it was protecting them.
Other Ways To Protect Your Organization
It's important to note that no technology is able to detect 100% of threats, as it's a constant cat and mouse game between cyber-criminals and cyber-security researchers. The most effective defense is a layered approach to security, so that if a threat slips through one layer, it's caught by another, and never makes it all the way through to do any damage.
One effective way to improve your odds is by investing in regular cyber-security awareness training for your staff. This training teaches them the fundamentals of what to look for and how to deal with a variety of common threats. We recommend at least yearly training, as the threats are constantly changing, as are the recommendations on how to deal with them.