According to IBM and Ponemon Institute’s Cost of a Data Breach Report, the probability of an organization experiencing a data breach within the next two years is 29.6%. Furthermore, this year’s Verizon Data Breach Investigations Report (DBIR) found that 94% of detected malware came through the email attack vector for the average company.
While these statistics are startling and would alarm any individual, many still choose to ignore the need for email security.
Numerous businesses, especially SMBs, operate under the false belief that what is built into their basic email security clients like Gmail and Outlook is enough to protect them. This could not be further from the truth.
While there is no hiding the fact that these clients have made significant improvements to their email security functionalities, what they have done to better their products still falls immensely short of the capabilities of threat actors.
Why should we care and what should be done about the attacks on this critical vector? We answer that and more as VIPRE Security sounds the call to better email security.
Recent Attacks Prove Why We Need Email Security
A little over a month ago three separate municipalities in the U.S. state of Florida, Lake City, Key Biscayne, and Riviera Beach, experienced separate but similar phishing-based ransomware attacks that crippled their IT infrastructure. They ended up having to pay cybercriminals upwards of $1 million in ransom.
Sometimes organizations may refuse to pay the ransom and it could end up costing more to recover if not prepared for this type of disaster. Just ask the cities of Baltimore, Maryland and Atlanta, Georgia how this is going. Both were crippled by ransomware attacks and recovery costs are estimated to be more than $18 million for Baltimore and more than $20 million in Atlanta.
Ransomware is a prevalent threat with no signs of slowing down. This devastating malware is most often distributed via email, either through a clickable link or buried in an attachment, most likely disguised via a Microsoft Office macro. Once opened, this malware, depending on its variant, will distribute throughout the system and often lock down all machines that are vulnerable on that network.
Even if email security measures are implemented, cybercriminals have become extremely innovative when it comes to bypassing them.
How Cybercriminals Bypass “Email Security”
There are numerous ways by which threat actors can bypass the standard email security measures included within general email clients. They can even get past some advanced email security products as well. While we can’t cover them all, here are a few popular ways they bypass your organization’s measures.
First, hackers can weaponize various forms of email messages. One of the most popular ways to make it past general email security measures is weaponized graymail (e.g., promotional emails, newsletters, etc.). This message type often launches from popular marketing automation solutions. General email filters may trust this source if it looks reputable.
Within graymail and other emails, the second way through general email security measures, and even some advanced solutions, is delayed link weaponization. The advent of shortened URLs (e.g., Bitly) and simple URL redirects has allowed malicious actors to wait until after an email has been sent, and has most likely passed through filters, before redirecting the original link. If a link doesn’t appear malicious upon initial scan, it will be delivered to an inbox.
The third common method utilized is concealment of malware within email attachments. The one seen most is via a Microsoft Office document or spreadsheet. Threat actors will embed macros that take advantage of VBA (Visual Basic for Applications) programming in Microsoft Office files. Once the document is opened and the macros run, malware coded into the VBA will begin to infect all files that are opened using Microsoft Office. This method is so prevalent that even Verizon’s DBIR states that around 45% of all malware in the email threat vector is delivered via attachment.
While these are only a few simple ways cybercriminals bypass email security, the responsible party for the attack is often the victim organization itself.
Where Organizations Fail with Email Security
Organizations fail when it comes to email security in multiple ways, but one of the biggest failures is ignoring the need for it altogether and trusting too much in the basic filtering included in standard email clients. These clients (e.g., Gmail, Outlook, etc.) are only equipped with passive spam filtering. This means that messages are only evaluated on pre-determined parameters, which basically assess whether the filter has seen this format of message and/or attachment before. The message is cleared through to an email inbox on reputation alone. Additionally, many of these messages just get deposited in a spam folder, which is not as safe as a quarantine.
Another area we see many organizations fail in when it comes to email security is relying on their end-users to correctly identify and report malicious emails that may make it through filters. While end-user training is a must for any organization, it simply is not enough to secure your most vulnerable threat vector.
When it comes to human error, IBM has identified that 95% of all cybersecurity incidents involve some form of human error. End-users are under enough stress with their current jobs as is. While some are quite effective at determining malicious emails, the better policy is to make sure malicious messages never even reach them.
With a plethora of potential pitfalls within organizational email security, it is important to not just focus on the negatives. It is important to instead pinpoint the hopeful future in which businesses and other firms can improve to ensure that malicious attacks via email never occur.
How Can Organizations Improve?
There are numerous ways for organizations to improve their email security capabilities.
The best method is implementing a layered cybersecurity approach. This means you must use “layers” of protection for various access points and ensure it isn’t just one step that malicious actors must take to penetrate your system. While this often includes email, endpoint, and network security measures, we will focus primarily on email security solutions for the purposes of this post.
The most effective way an organization can begin its improvement in email security is by using solutions with active filtering. In comparison to passive filtering, active filtering examines every single message on an individual basis. The solution will run each message through numerous layers of protection, which protect from both known and emerging threats. Some of those layers include protocol errors, blacklists, initial threat scans, large file holds, advanced policies that block malicious extensions/attachments, and a custom scan against a proprietary rules list. Just starting with a stronger solution that not only scans these emails but also quarantines potentially malicious ones can improve email security dramatically.
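As an added illustration (not VIPRE’s product code or rules), the sketch below inspects each message individually through three of the layers discussed in this post: an extension block policy, detection of a VBA macro project inside an Office attachment, and flagging of shortened links for a recheck at click time. The extension list, shortener list, function names and sample messages are assumptions constructed for the example.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for illustration; tune them to your environment.
BLOCKED_EXT = (".exe", ".js", ".vbs", ".scr")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def has_vba(data: bytes) -> bool:
    """True if an OOXML (zip) attachment contains a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so not an OOXML document

def evaluate(raw: bytes):
    """Run one message through each layer; any finding means quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name:
            if name.endswith(BLOCKED_EXT):
                reasons.append(f"blocked extension: {name}")
            # Inspect content, not the name: a .docx can still carry macros.
            if has_vba(part.get_payload(decode=True) or b""):
                reasons.append(f"VBA macro project in: {name}")
        elif part.get_content_maintype() == "text":
            for host in URL_HOST.findall(part.get_content()):
                if host.lower() in SHORTENERS:
                    reasons.append(f"shortened link, recheck at click time: {host}")
    return ("quarantine" if reasons else "deliver"), reasons

def sample(suspicious: bool) -> bytes:
    """Constructed message; the 'macro' is an empty placeholder zip entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if suspicious:
            z.writestr("word/vbaProject.bin", b"")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "news@example.com", "user@example.org", "Invoice"
    m.set_content("See https://bit.ly/placeholder" if suspicious else "See https://example.com/a")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="invoice.docx")
    return m.as_bytes()
```

A static check like this only sees where a link points at scan time, which is why the shortened link is flagged for a recheck when it is clicked.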
Another way we see organizations improve their email security policies is through the utilization of attachment sandboxing. Attachment sandboxing helps to evaluate the individual attachments that come with email messages.
These solutions take the attachments and place them within a virtual protected environment or “sandbox”. Once there, each attachment is opened to see if there is any malicious activity or any attempt to download additional components that could also perform nefarious activities. If you’d like to learn more about attachment sandboxing you can read our article on it here.
Finally, one of the other major recommended email security measures for organizational improvement is through proper archiving/backup procedures. No matter what the size of your business, your primary form of communication is via email. The average employee sends and receives around 129 emails daily, with much of that being crucial business information. Properly backing up your email and utilizing a solution with continuity measures as well will ensure that business can go on as normal.
Hopefully you have recognized the need to take email security seriously. However, you may be wondering, “Where do I go from here?”
One of the best places to start in constructing your layered cybersecurity approach is by downloading one of our most popular eBooks, “A Business Owner’s Guide to Cybersecurity”. This report delves into how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
Once you have become a layered security expert, why not take one of our award-winning and easy-to-use business cybersecurity solutions for a test drive. You can find all our free trials in one place by clicking here.
No matter what solutions you utilize, email security is a necessary component of any competent cybersecurity strategy. Enterprise organizations and SMBs alike must protect themselves from today’s most prevalent threats being delivered through their most susceptible threat vector. If this significant vulnerability is not addressed, you may find yourself paying massive fines, large ransoms, or even worse…closing down your business.
The post A Call to Better Email Security appeared first on VIPRE.