Mitigating the number one attack vector in the world

Valimail is pleased to be featured as a Distinguished Vendor in the 2020 Security Annual from TAG Cyber — for the second year in a row.
Valimail CEO Alexander García-Tobar spoke with TAG Cyber’s Edward Amoroso for an in-depth interview, included in the 2020 Security Annual, on the subject of “Mitigating Email Security Threats.”
“The Valimail email authentication solution is innovative and exciting,” said Amoroso.
The 2020 Security Annual is part of a series from TAG Cyber that has been published each September since 2016. The massive report offers expert guidance, analysis, and education on fifty different aspects of the cyber security ecosystem.
In this interview, García-Tobar talks with Amoroso at length about the risk that phishing poses and how Valimail’s platform addresses it.
An excerpt from that interview:
EA Is it an exaggeration to say that phishing has become the number one attack approach in the world?
AGT It’s no exaggeration. There’s a preponderance of research reports that all agree that phishing accounts for more than 90% of all cyberattacks and breaches. These include Verizon’s Data Breach Investigations Report, as well as research reports from Barracuda, Proofpoint, Cofense (formerly PhishMe), and others. While zero-days, Trojans, and sneaky network-based intrusions get most of the media coverage, most attacks are initiated by phishing emails. Even ransomware, which spreads through organizations using vulnerabilities in local area network protocols, relies on phishing to gain its first foothold. If you can eliminate phishing, then you cut off the initial vector of infection for the vast majority of attacks, thus forcing attackers to use more difficult methods.
EA How does the Valimail platform reduce email risk?
AGT Valimail is an industry leader in the protection of email from cyber threats. With deep capability in supporting standards such as DMARC, for example, the company supports high assurance for email, collaboration, and workflow activity. We recently caught up with Alexander Garcia-Tobar of Valimail to gain insights into the email security ecosystem and how the company continues to develop and innovate platform capabilities to better support enterprise customers.
Modern phishing attacks have moved beyond the obvious vectors, such as malicious attachments and links to malicious websites, and are now exploiting a fundamental weakness in the way email works by deploying sophisticated impersonation campaigns. These fake emails appear to the recipient as someone you’d trust such as your boss or your bank. And in most cases, they don’t contain any obvious malware that existing security solutions are looking for.
According to a recent study from Barracuda, 83% of all spear phishing emails are impersonations, which means that sender identity is the choke point for stopping the vast majority of phish.
The lack of a comprehensive identity-based solution is why there’s been such an explosion in business email compromise (BEC) over the past few years. In fact, the FBI now asserts that BEC is responsible for the vast majority of cybercrime losses — over $3.6 billion in 2018 alone.
Valimail eliminates this vector by validating senders’ identities through open standards and a variety of other techniques, so that untrusted and unauthenticated senders simply do not get into the inbox. Our unique focus on “who” sent the email versus “what” is in the email stops attacks that existing security solutions miss, which reduces the risk of BEC and other types of impersonation-driven email fraud.
You can read the interview in full right here (click to view the .pdf file, or right-click to download it).
Or click to read the full 2020 Cyber Annual from TAG Cyber.