This is the ultimate strategy for complete email security for your business
Email security is a top priority for small and medium-sized enterprises, but despite widespread awareness of the importance of being protected, a massive 95% of attacks on businesses are still the result of email fraud.
Email threats are changing and evolving faster than ever before. The only way businesses can ensure they are protected is to invest in an email security strategy that spans the whole attack chain (also known as the email threat lifecycle). This means taking a proactive approach all the way from prevention through to immediate, real-time threat response.
Currently, there is a huge disconnect between organisational spending and the email threat landscape. Businesses are expected to spend more than £65 billion on cyber security in 2018, and yet email attacks are more successful than ever. According to Verizon’s Data Breach Investigations Report in 2016, 30% of email recipients open phishing messages, and 12% go on to click on infected attachments. And Proofpoint states that there is a 22% chance that any business will experience a data breach of at least 10,000 records within the next 24 hours.
So, what’s the problem? There seems to be a huge misunderstanding about how threats actually work and where they come from…
What are the most popular email fraud tricks right now?
1. Business Email Compromise
Also known as CEO fraud or imposter email, these are highly targeted but low volume email attacks. The fraudsters steal corporate identities (usually of high-level execs, but the data shows that this is changing as people at all levels of the corporate chain are targeted) to gain access to information and money.
Key techniques to watch out for here include:
- Spoofed email fields - such as changing the reply-to email address to one that looks internal, spoofing the display name, using similar domain names, and pretending to be a supplier or business partner
- Click bait subject lines - urgent language gets more of a response from employees, especially those in junior roles who believe a manager needs something done quickly. In the first quarter of 2017, the four most popular BEC subject lines were “Request”, “Urgent”, “Bank”, and “FYI”.
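The spoofed-field and subject-line indicators listed above can be turned into a simple triage check on incoming mail. The following is an added example, not code from the original article or any vendor it mentions: the internal domain `example.com`, the executive roster and the three sample messages are all constructed, and the lookalike-domain threshold of two edits is an assumption.

```python
"""Heuristic BEC indicator check over a few constructed email headers.

Added example, not from the original article. INTERNAL_DOMAIN, EXEC_NAMES
and SAMPLE_MESSAGES are constructed/assumed values for the demonstration.
"""
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"              # assumed: the defended organisation's domain
EXEC_NAMES = {"jane doe", "john smith"}      # constructed: display names worth protecting
URGENT_SUBJECTS = {"request", "urgent", "bank", "fyi"}   # the four Q1-2017 BEC subjects from the text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address ('' if there is no @)."""
    return addr.rpartition("@")[2].lower()


def bec_indicators(headers: dict) -> list:
    """Return the BEC indicators found in one message's headers, in a fixed order."""
    findings = []
    name, from_addr = parseaddr(headers.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))

    # 1. Display name of an internal executive on an address outside the internal domain.
    if name.strip().lower() in EXEC_NAMES and from_dom != INTERNAL_DOMAIN:
        findings.append("display-name-spoof")
    # 2. Reply-To routed to a different domain than the visible From.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append("reply-to-mismatch")
    # 3. Lookalike of the internal domain (assumed threshold: one or two character edits).
    if from_dom != INTERNAL_DOMAIN and 0 < edit_distance(from_dom, INTERNAL_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    # 4. Urgency bait in the subject line.
    words = set(re.findall(r"[a-z]+", headers.get("Subject", "").lower()))
    if words & URGENT_SUBJECTS:
        findings.append("urgent-subject")
    return findings


# Constructed sample headers: one legitimate internal mail, one imposter, one lookalike domain.
SAMPLE_MESSAGES = [
    {"From": "Jane Doe <jane.doe@example.com>", "Subject": "Quarterly figures"},
    {"From": "Jane Doe <ceo.jdoe@freemail.invalid>", "Reply-To": "jdoe@other.invalid",
     "Subject": "Urgent request"},
    {"From": "Accounts <payments@examp1e.com>", "Subject": "Bank details update"},
]


def triage(messages: list) -> list:
    """Indicator list per message; an empty list means nothing suspicious was seen."""
    return [bec_indicators(m) for m in messages]


if __name__ == "__main__":
    for msg, hits in zip(SAMPLE_MESSAGES, triage(SAMPLE_MESSAGES)):
        print(f"{msg['From']!r}: {hits or 'clean'}")
```

Each indicator on its own is weak (plenty of legitimate mail carries an urgent subject), so the value is in how many fire together on one message; the imposter mail above trips three, which is the kind of signal worth routing to a reviewer rather than quietly delivering.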
2. Outbound phishing
Generally, businesses are concerned with scanning and analysing the emails that come into the business. But have you ever considered what’s going on outside of your email gateway? A key area of growth in email fraud is outbound phishing. Cyber criminals will target your business's customers and partners with emails that look like they are coming from you in the hope that they can fool them into parting with finances or sensitive information.
While this might not seem like the biggest of issues, as it’s not something directly targeting your business, it can have serious repercussions and cause you to lose customers. According to CloudMark, customers are 42% less likely to interact with a brand after being phished or spoofed.
Outbound phishing emails ultimately happen outside of your gateway, but finding out that it is occurring, and identifying who is behind it, is critical. While there isn’t any one way to stop this completely, a multi-layered defence strategy will help.
3. Advanced malware threats
While BEC is a relatively new method of attack, malware is the granddad of cyber threats. Over the last few years, the number of variants has exploded and traditional security defences are almost useless against them. In fact, according to Proofpoint, the number of distinct ransomware variants in circulation has multiplied 30 times over the last year.
A clear example of how systems struggle to keep up is sandboxing. Sandboxes run suspect code from URLs and attachments in a virtual space to observe what would happen if it were clicked. But a sandbox which worked last year would be disastrously slow when set against the sheer size and scale of the ransomware threats of today. Plus, it would have to be updated every time a new sandbox evasion technique was developed, inevitably slowing down the software and putting you at risk.
From ransomware to zero-day exploits, weaponised documents, and polymorphic malware, security solutions need to be robust enough to keep up.
So what are the 5 steps to a complete email security strategy?
1. Check your visibility
The first step in any email security strategy is to implement strong threat intelligence so that you can understand the scale of malicious email to your business.
The solution that you decide to use must be able to match up and analyse threat data, therefore revealing who exactly is being targeted, who you are being attacked by, and what they are trying to steal. By conducting a threat analysis of your business you will more effectively defend it against attackers.
2. Install email controls and implement content analysis
As a business, a key goal of your email security has to be keeping control over the messages that come into your environment. As such, you will need an email security system that has granular classification that looks for not only malware and spam but also distinct types of email that target employees.
These are emails like bulk mail, BEC attacks, adult content, and credential phishing, for example. You’ll need a classification tool that uses advanced sandboxing capabilities, looking at all URLs and attachments in real time when they arrive at your business’s gateway.
You’ll also want to be able to tailor your email policies to fit your company. Allowing this level of customisation gives employees the opportunity to choose how they want to handle mail and may enable them to spot email fraud more easily.
3. Enable email authentication
Protecting against emails coming into your business is critical, but as we discussed in the outbound phishing section above, emails sent to customers and external stakeholders outside of your protected gateway pose a threat to your business too.
Authenticating email with Domain-based Message Authentication, Reporting and Conformance (DMARC) provides a solution. Using it allows you to ensure that your email is authenticated against the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) standards. DMARC stops email fraud from any domain under your business’s control, from active ones to non-sending ones.
With this knowledge, you will be able to more easily keep a check on who is sending email from your business, and block any threats.
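The mechanics behind the section above are easy to see in code: a receiver fetches the sending domain's DMARC TXT record, checks whether SPF or DKIM passed *and* the domain they authenticated aligns with the visible From domain, and otherwise applies the published policy. The following is an added example, not code from the original article or from any DMARC implementation: the records and authentication results are constructed and no DNS lookups are made, and the organisational-domain helper is a simplification (the real rules use the public suffix list).

```python
"""DMARC record parsing, identifier alignment and policy evaluation on constructed inputs.

Added example, not from the original article. WEAK_RECORD and STRONG_RECORD are
constructed; org_domain() is a simplification of the real organisational-domain rule.
"""
from typing import Optional


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; rua=mailto:...' into tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: v=DMARC1 and p= are required")
    tags.setdefault("adkim", "r")     # relaxed alignment is the default for DKIM...
    tags.setdefault("aspf", "r")      # ...and for SPF
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to the main policy
    return tags


def org_domain(domain: str) -> str:
    """Simplified organisational domain: the last two labels (assumption; RFC 7489 uses the public suffix list)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record: str, from_domain: str,
             spf_pass_domain: Optional[str], dkim_pass_domain: Optional[str]) -> str:
    """Return 'pass' if SPF or DKIM passed on an aligned domain, else the policy to apply (none/quarantine/reject).

    spf_pass_domain is the MAIL FROM domain SPF authenticated (None if SPF failed);
    dkim_pass_domain is the d= domain of a valid DKIM signature (None if none verified).
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass_domain is not None and aligned(spf_pass_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass_domain is not None and aligned(dkim_pass_domain, from_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


def weaknesses(record: str) -> list:
    """Flag settings that leave a domain spoofable even though a DMARC record is published."""
    tags = parse_dmarc(record)
    issues = []
    if tags["p"] == "none":
        issues.append("p=none: monitoring only, failing mail is still delivered")
    if tags.get("pct", "100") != "100":
        issues.append(f"pct={tags['pct']}: policy applied to only part of failing mail")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports, so no visibility of who sends as you")
    return issues


# Constructed records: a monitoring-only deployment and an enforcing one with strict alignment.
WEAK_RECORD = "v=DMARC1; p=none"
STRONG_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    print("weak record issues:", weaknesses(WEAK_RECORD))
    # A forged From: example.com message with no aligned authentication.
    print("forgery under weak record:  ", evaluate(WEAK_RECORD, "example.com", None, None))
    print("forgery under strong record:", evaluate(STRONG_RECORD, "example.com", None, None))
    # Mail sent via mail.example.com passes relaxed alignment but not strict.
    print("subdomain sender, relaxed:", evaluate("v=DMARC1; p=quarantine", "example.com", "mail.example.com", None))
    print("subdomain sender, strict: ", evaluate(STRONG_RECORD, "example.com", "mail.example.com", None))
```

The two records show why "we have DMARC" is not the same as being protected: under `p=none` a forged message still lands in the inbox, and without an `rua=` address you never receive the aggregate reports that tell you who is sending as your domain. Moving to `p=reject` is what actually blocks the outbound phishing described earlier, and the strict-alignment case shows the usual deployment snag, a legitimate sender on a subdomain that needs its own SPF or DKIM identity before the policy is tightened.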
4. Stop data loss
You’ve got solutions in place to stop threats coming into your business, now you also need to protect sensitive information if and when it leaves your email gateway. As such, you need to implement a security strategy that is prepared for threats that do make it through, either from not being picked up by your defences or by human error revealing sensitive information.
Your email security solution needs to combine encryption with a data loss prevention plan. This way any sensitive information leaked is protected. If you are wondering what to do in the first 48 hours after a data breach, read this.
5. Real-time response
Every complete email security strategy must include real-time response to threats. No security system can stop every single attack. If one could, we wouldn't keep hearing stories of phishing emails and data breaches.
As such, real-time response to threats is of huge importance. Real-time response works by continuously recording and analysing network communications, and identifying and prioritising suspicious or malicious behaviours internally or externally as they happen. With this solution employed at your business, you will be giving yourself the most complete protection possible.
Despite all the technology available for you to deploy, your best first defence is understanding the threat and preparing for it. Find out what the risks are to your business, analyse weaknesses, and create an email security program that covers the complete email threat lifecycle.