As email becomes increasingly central to business communications, cyber criminals have escalated their efforts to find new and innovative methods of using email to breach corporate security.
Even as email security threats become more pervasive, corporate dependency on email remains high and continues to grow, with a typical corporate user receiving 75 emails a day on average. This can lead to heightened risk for companies. Email is a common vehicle that cyber-criminals use to fraudulently entice recipients to hand over sensitive information, open attachments or click on malicious links, that then infect the victim’s device with malware.
In 2021, email attacks are more sophisticated and more prevalent than they have ever been before. Threat actors are aware that the most common method of commercial communication for 74% of all adults online is email. They understand how businesses operate and know that email is the preferred method for communicating confidential business information. They also know that many businesses would find themselves lost if they were left without access to email for even a day.
So, what are some of the top email security threats that companies are facing today, and how can we protect against them?
Social engineering is the process of employing manipulative and deceptive tactics to encourage victims to reveal personal or confidential information. This is a non-technical strategy that heavily relies on human interaction and allows cyber attackers to gain access to sensitive information by exploiting people’s natural inclination to be trusting – bypassing the need to hack your software with technological means, like malware.
Although that is not to say that social engineering attacks don’t involve an impressive amount of effort, because they do. These attacks are extensively researched, well-planned, and executed so flawlessly that the target may remain unaware until the wider effects of the attack become apparent. And if you think that your people are too clever to possibly fall for these tricks, be warned – even seasoned IT professionals have been hoodwinked before. A recent survey revealed that 43% of IT professionals participating had been targeted by social engineering schemes and that new hires are particularly susceptible to attacks. A successful social engineering attack can have a devastating impact on your organization.
To mitigate your risk of falling victim to social engineering attacks, you can invest in security awareness train (SAT) for your workforce (read our list of the Top 10 Security Awareness Content And Development Solutions to learn more). This helps by ensuring employees can correctly identify suspicious behavior, while also empowering them to say ‘no’ and not bend to manipulative tactics. Another good practice is to verify the sender’s identity if they are behaving unusually or acting suspiciously pushy.
Implementing email security solutions can also help to protect your users against social engineering. There are a range of solutions that analyze email content, both at the gateway and inside the email inbox, for signs of phishing attacks, and automatically remediating against them by quarantining the email or placing a warning banner on suspicious email messages. You can read our guide to the top Phishing Protection solutions here.
Ransomware is a type of malware that holds your files and data to ransom, with a demand for payment in order to relinquish control and allow you to regain access. In the past ransomware was a largely obscure term mostly used by security experts, but in recent years it has become a more widely known threat as the attacks got bigger, the targets more familiar and the repercussions wider reaching.
Ransomware attacks via email are steadily rising. For a while attackers were mostly using remote ports, insecure public facing servers and various other enterprise network vulnerabilities to encrypt entire networks. However, Proofpoint researchers have seen that there has been a small increase in the volume of ransomware sent as a first stage payload via email campaigns. The ransomware is typically disguised as a legitimate email attachment and sent to users with the aim of getting them to unwittingly open these malicious email attachments, leading to an infection. Cyber-criminals also often hide ransomware links in a link button or in the body of the email. According to Mimecast’s The State Of Email Security 2020 report ransomware has the potential to really wreak havoc, with just over half of the respondents (51%) claiming that their organization was impacted by ransomware, listing loss of data, downtime, negative impact to their reputation and financial loss as the main problems caused.
Mitigating ransomware attacks usually involves setting up and testing backups, as well as making sure to apply ransomware protection in security tools like email protection gateways and endpoint security solutions that scan email attachments and URLs to detect and automatically quarantine potentially harmful files and websites. User training is another layer of defense to protect against ransomware, to warn users against clicking suspicious links or opening unknown attachments.
Account compromise takes place when users lose control of their business accounts to cyber-criminals. When it comes to cloud-based business environments like Gsuite and Office 360, account compromise can lead to attackers gaining access to multiple applications, potentially leading to other user’s accounts being compromised and important company data being stolen.
Business email compromise (BEC) is a type of phishing attack where cyber-criminals impersonate someone high up in the business (often the CEO) with the aim of exploiting our trust in these individuals. Once they have done this, attackers will attempt to get an unsuspecting employee, vendor or customer to provide access to confidential information or transfer funds. Closely connected to BEC is email account compromise (EAC), which is a sophisticated attack method in which cyber attackers employ a variety of tactics – including phishing, password spray, and malware – to achieve entry to legitimated mailboxes by compromising victims email accounts. With this type of attack there are generally two victims involved – the person who had their email account compromised, and the person who is tricked by the fraudulent requests from the compromised email account.
There are steps you can take to mitigate the potential for disaster in the case of account compromise. Things like avoiding including sensitive information – like passwords, credit card numbers, passport numbers, or any other government issued identification – in the emails you send. It is also good practice to ensure you and your employees are able to recognize different types of scams; a good Security Awareness Training solution can help with this (read our list of the Top 10 Security Awareness Content And Development Solutions to learn more). We also recommend implementing organization-wide policies to use strong passwords and the use of two-factor authentication or multi-factor authentication, which helps to secure accounts against compromise by adding an extra layer of account security.
In the past spam was mostly just an annoyance for email users, but nowadays it can be used by attackers to target organizations and lead to serious security breaches. When using the term ‘spam’, we are usually referring to an unsolicited commercial email, often sent from someone looking to sell us something. Those sending out spam emails are not always trying to get their hands on our sensitive information; some may be trying to elicit personal information to add to their database for further spam attempts in the future.
Spam messages are very common; in fact, they accounted for 47.3% of email traffic in September 2020 according to Statista. In that same research, Statista acknowledges that although many spam messages are simply harmless promotional emails, a significant number are more malicious in nature and are sent with the aim to damage or hijack user systems. Some spam emails can include malicious links that can infect your computer with malware. Spam is also one of the methods most frequently utilized by cyber-criminals to distribute ransomware, with more than 90% of ransomware being delivered through email.
It can be difficult to stop spam emails as they can be sent from botnets, which are a network of previously infected computers, which makes it hard to identify the original spammer.
Our advice for the organizations to combat spam would be to implement a spam filter/email gateway. These solutions can provide far greater admin controls to block spam, such as blocking all emails from certain domains and automatically quarantining malicious email messages and allowing end users to mark email as spam themselves, blocking emails from being delivered to their inbox.
Also, it’s good practice to advise users not to click on any attached files or links, even if they are opt-out or unsubscribe links, as spammers can use these links to confirm the legitimacy of email addresses, or even use the links to trigger malicious webpages or downloads.
Every bit of inbound spam that you receive must begin somewhere on the internet as an outbound spam, and typically this can be a good indicator that an account has been compromised and that a spammer has taken up residence in someone’s network to send out spam.
Spam exiting the network in the outbound direction is something service providers and enterprises should be keeping an eye on. Outbound spam can happen maliciously via a compromised account, which attackers then use to send out spam with malicious attachments or links. It can also happen accidentally, say if you are a marketeer and you sign up to a few mailing lists that help you to send out newsletters, but they end up sending out hundreds of spam emails. This can also happen through email spoofing, which occurs when a fake email address is created with a company’s domain to push out spam emails.
Outbound spam can lead to a devaluing of your brand over time and also has an adverse effect on customers who are receiving these spam emails, potentially falling victim to malware as a result. If left unchecked, it could also lead to your email addresses being put on deny lists. This effectively halts your ability to send out legitimate email traffic to all network customers, which is a serious issue considering how useful email can be as a communication and marketing tool with a significant return on investment (ROI) of $42 on average for every $1 spent of email marketing, according to Oberlo.
The way to protect against these issues would be with a secure email gateway solution, which would scan both inbound and outbound mail for anomalies. For instance, an if an employee who generally sends around 5-15 emails a day suddenly started sending out thousands, the outbound spam filtering solution would flag this anomaly, block those emails and identify the compromised account.
You can read our guide to The Top 11 Secure Email Gateway Solutions here.
Email remains one of the top corporate communication tools and shows few signs of going anywhere. With email being so commonly used and so useful for business communications, its no wonder scammers attempt to target organizations through email.
Email security is something all organizations should be making a priority. While many people are under the impression that only large companies might find themselves targeted by cyber-criminals, the truth is that businesses of all sizes are at risk and should be aware of potential threats, as all business owners know the importance of protecting their important data.
Luckily, there are things you can do to keep ahead of email security threats – starting with being aware of what potential threats you might face. We’ve put together a number of guides to help you find the right email solutions for your organization. Check out some of the articles below: