Did you know that 91% of cyber attacks today start with an email? Despite the growth in other attack vectors, email is still the most-used channel for general and targeted cyberattacks. Yet, many businesses are not aware of the threats unprotected email poses to their organization.
Email breaches could lead to significant financial losses, data and intellectual property theft, brand reputational damage, and prolonged downtime when a ransomware attack is followed. In this article we will review:
What is Email Security
How secure is your email
What kind of attacks start from email
Best practices to secure your email
What is Email Security?
Email security is a general term for the various practices, configurations, and technologies used to protect email communication channels. These are meant to secure email accounts, content, data, and communication against various forms of cyber threats. It protects you from malicious/deceptive incoming email traffic (received), and your customers from outgoing (sent) email. Proper email security implementation will intercept malicious emails, increase employee productivity, and provide one of the most important layers of security your company can have against advanced cyberattacks.
How secure is your email?
With email being the most common means of communication, it is also the easiest gateway to your organization and network. Attackers have significantly evolved over the years developing tools and techniques to bypass the traditional email security.
Proof of that is the astonishing 3.4 billion phishing emails being sent out each day across the world (and this is just one attack type).
Take Microsoft’s Office 365, probably the most popular business email out there. A recent study shows that only 7% of accounts had their defaults settings changed to make them more secure. The remainder, 93% were kept with minimal security which is far below the standard needed to protect against today’s threats. Hardening Office 365 email is a complicated task that requires both time and cyber expertise, but with questionable results, we must note. It seems that the controls are not up to the task and in the end, more valid emails are blocked (false positive) and malicious ones are missed.
Now is the time to ask yourself: “Is my email secure? Does the solution protect us against modern-day attacks?”
Limited or no configuration and Legacy email security technologies no longer provide adequate protection against current threats. To make matters worse, attackers do not stand still and keep evolving their tools and techniques to bypass email security. This means that most businesses remain exposed to cyberattacks that emanate from their email infrastructure.
What kind of cyberattacks start from email?
Because email is heavily used and largely unprotected, it is commonly used as an entry point for attackers looking to gain a foothold into your organization. Here are some of the more dominant examples of email attacks:
Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information with the intent to trick the user into giving up sensitive data like log-in credentials, account numbers, credit card information, etc.
Spear phishing and Whaling are subsets of a phishing attack whereby it is carried out in a more targeted way. Spear phishing targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents. Whaling attack targets a senior decision-maker within the organization.
Business Email Compromise (BEC) Attack
BEC is a scam whereby the attacker uses a hacked or spoofed email account to send messages. In this case, the attacker is completely impersonating a specific person. The impersonation can be achieved through simple spoofing (many rogue email services online allow anyone to send an email from any domain) or through an email account takeover. An account-taker means that an attacker has gained access to an employee's email account and now has complete control. The attacker can see all communications, change account settings, and send emails on someone’s behalf.
From this vantage point, the attacker then launches a variety of attacks with the top 5 defined by the FBI below. Without proper protections in place, these types of attacks are usually exposed only after the financial loss happens.
The FBI defines 5 major types of BEC scams:
CEO Fraud: In this case, he attackers position themselves as the CEO or executive of a company and typically email an individual within the finance department, requesting funds to be transferred to an account controlled by the attacker.
Account Compromise: An employee’s email account is hacked and is used to request payments to vendors. Payments are then sent to fraudulent bank accounts owned by the attacker. In most cases, these are valid invoices for which the banking information has been altered.
False Invoice Scheme: Attackers commonly target foreign suppliers through this tactic. The scammer acts as if they are the supplier and request fund transfers to fraudulent accounts.
Attorney Impersonation: This is when an attacker impersonates a lawyer or legal representative. Lower-level employees are commonly targeted through these types of attacks where one wouldn’t have the knowledge to question the validity of the request.
Data Theft: These types of attacks typically target HR employees in an attempt to obtain personal or sensitive information about individuals within the company such as CEOs and executives. This data can then be leveraged for future attacks such as CEO Fraud.
Email Security best practices:
Ensure the URL in emails is associated with the business/individual it claims to be from.
Be alert to hyperlinks that may contain misspellings of the actual domain name.
Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
Do not provide credentials or Personal Identifiable Information (PII) over email
Use multi-factor authentication to provide an extra layer of security when accessing email accounts.
Force end-to-end email encryption.
Set up SPF, DKIM, and DMARC protocols. These are protocols are email configurations acting as your first line of defense
Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
Consult with experts. Cybersecurity experts can guide your IT team about necessary configurations to secure your email system.
Choosing the right email security technology solutions
When selecting email security, there are several factors to consider:
Am I looking for a solution that covers only an email or other channels like SharePoint, One Drive, Slack etc? Many of the solutions cover these channels as well
Are there any regulatory requirements I need to abide by? For example, do I need a solution that protects against Data Leakage (DLP)? Is data leakage a concern for my business?
Do I have a hybrid environment of on/off premiss? Does the solution work in a hybrid scenario
Does it have machine learning and will reduce the false positives in the long run?
Can the solution spot email usage anomalies? (Accessing from odd IPs, high email volume, unusual hours, etc.)
When emails are quarantined, how easy is it to restore and determine if accurate or a false positive
Does the solution include file scanning and cleaning ?
Does the solution check that the site in the email links is legitimate?
Does the solution also scan links? Does it check that links on the destination website are not malicious as well?
Any technology solution you will choose would have to be properly implemented, kept current, and managed for it to be effective. Make sure you have expert to support you throughout the life cycle and when incidents arise.