How Las Vegas Stops Email-Borne Cyberattacks Pre-Delivery


“For most organizations email is a weakness, as much as we try and educate our user population,” said the city’s IT director.

Las Vegas is ramping up efforts to detect and block email-borne cyberattacks in the wake of debilitating ransomware incidents in other cities.

Most content-borne cyberattacks, 95 percent, are delivered via sharing, increasing the need for cities to secure their entire organizations.

“Sin City” chose to add Israeli startup BitDam’s Advanced Threat Protection solution as an additional layer of cybersecurity protecting thousands of employees’ inboxes from malicious content hidden in links and files.

“We’re seeing a huge rise in phishing and malware incidents, and that’s an area where we’re most susceptible,” Michael Sherwood, director of information technology for Las Vegas, told Route Fifty. “For most organizations email is a weakness, as much as we try and educate our user population.”

BitDam scans emails pre-delivery, as well as instant messages on platforms like Slack, to eliminate threats like ransomware, phishing and zero-day attacks before they enter the network. Users experience little latency between the time of entry and email delivery, Sherwood said.

The cybersecurity company offers the cities and counties it works with—a few even larger than Las Vegas—a month of traffic intelligence on incoming threats and how they’re bypassing existing security. In every case BitDam has detected “some serious” attacks, said CEO Liron Barak.

Within four weeks, BitDam detected 26 unique attempted attacks that bypassed every security measure Las Vegas had in place and stopped any potential infections.

“We saw some good results during that process,” Sherwood said. “It has made a difference and has identified incidents other products in our environment failed to detect.”

Successful attacks could wind up costing cities like Las Vegas millions of dollars, Barak said.

The city is still in the pilot phase, though that’s “close to ending,” Sherwood said, and it wants to tailor the solution with an even more sophisticated algorithm for detecting phishing attacks.

“Phishing attacks are simplistic in nature but complicated to detect because, within an email, how do you validate it is who it is?” Sherwood said.

Sherwood regularly has first-time contact via email with salespeople and reporters he’s never talked to, and cybersecurity tools can’t be so restrictive that email becomes ineffective, he added.

BitDam strives to not just rely on knowledge of previous attacks, but also detect new ones, Barak said. Advanced Threat Detection works by ensuring apps are working as intended by their providers.

“Once we see deviation from normal code of the application, we can actually detect that as malicious activity,” Barak said.

In that way, the solution is “practically agnostic” to apps at first sight, she added.

Las Vegas integrated BitDam quickly and within a couple hours identified the first suspicious email. The user interface makes it easy to take action against a threat, Sherwood said.

“We look at taking a layered approach, and a layered approach is using multiple products—not just one,” he said. “That is a standard in today’s cybersecurity landscape.”