On average, more than 300 billion emails are sent and received worldwide every day. Email can therefore rightly be described as the most important means of communication in modern business life, and at the same time as the number one threat vector for the digital security of companies. The daily flood of email includes payment requests from suppliers, communication with investors and other formal and informal correspondence. The sender and recipient usually know each other, but not always, which is why messages from outside the company's own network in particular always carry the risk of the company becoming a victim of fraud.
Organizations try to protect themselves against this threat with perimeter-based security strategies. But the clear trend of the last two years towards working from home has created a new working reality. This eliminates the need for perimeter-based defenses, or at least significantly reduces their importance to organizational security, because most attackers do not even try to break through firewalls by technical means to get into protected environments. Instead, attackers take advantage of the cloud, just as legitimate organizations do. The advantage for the cybercriminals is that security measures in the cloud usually put fewer obstacles in their way.
In this changing IT landscape, it is clear that the security model based on defending a well-defined environment can no longer work. It is therefore time for companies to adapt their security strategies to these changing conditions. The focus must be on the factor that is most frequently attacked: the human being.
Human interaction almost always necessary
To put this in concrete terms, cybercriminals have shifted their focus from infrastructure to people. More than 99 percent of all current cyber attacks are triggered by careless or unsuspecting employees, who open a website or file infected with malware without being aware of the threat.
With an increasingly hybrid workforce, low security awareness, and limited employee contact with IT teams, phishing attacks often target unwary employees who inadvertently share critical credentials and data with cybercriminals. As a result, the new model of cybersecurity begins at a new frontier: people. Many digital attacks such as ransomware, phishing and business email compromise (BEC, also known as CEO fraud) have one thing in common: people, the employees, are the first target of almost every attack.
Cybercriminals often use social engineering techniques to trick employees into opening a specially crafted document, clicking on a malicious link, entering their credentials on a supposedly legitimate website, or even fulfilling requests such as transferring money. Social engineering means that the attackers often observe their targets for weeks or even months, including on social media, so that they can then manipulate them more easily. Defending against such human-targeted email attacks requires a security strategy that encompasses people, process and technology.
Five steps to more security
Email threats are multifaceted, and their number and variety are growing faster than ever. To defend against this, organizations must invest in an end-to-end email security strategy that covers the entire email attack chain, from proactive prevention to real-time threat response.
Step 1: Visibility
To effectively protect organizations from email attacks, those responsible need to be aware of the threats they are exposed to. An important first step is to apply comprehensive, well-collected threat intelligence to the analysis of email traffic in order to understand the full extent of malicious email. But that's not enough. A solution should be implemented that correlates and analyzes the threat data to find out who is under attack, who is attacking the organization and what information they are trying to steal.
Step 2: Deploy email control and content analysis
Controlling which messages reach employees' inboxes is critical to email security. The cybersecurity solution must therefore provide granular classification that doesn't just look for spam or malware. It must also be able to identify as many different types of email as possible (whether malicious or not) that are intended for employees.
These potentially malicious emails can include bulk mail, credential phishing, BEC attacks, adult content, and more. The email classification tool should have advanced sandboxing capabilities that can analyze each attachment and URL in real-time as they arrive at the corporate email gateway.
Step 3: Authenticate the emails
Outbound phishing emails that target customers and partners outside the gateway also pose a serious risk to organizations. Outbound here means that cybercriminals misuse the corporate domain for a cyberattack. Email authentication, especially DMARC (Domain-based Message Authentication, Reporting and Conformance), is currently the best solution to counteract such threats.
DMARC ensures that legitimate emails are properly authenticated. At the same time, DMARC blocks all fraudulent activity from domains under your company's control (e.g. active sending domains or non-sending domains).
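The check behind step 3, as an added example that is not part of the original article: a Python audit of published DMARC and SPF TXT records for both kinds of domain named above, active sending and non-sending. The domains, records and function names are constructed for illustration; in practice the TXT records would come from DNS lookups of `_dmarc.<domain>` and `<domain>`.

```python
# Added example: audit DMARC/SPF TXT records for a domain inventory.
# Every domain and record below is constructed sample data.

def parse_tags(record):
    """Parse a 'tag=value; tag=value' DMARC TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_domain(name, sends_mail, dmarc_txt, spf_txt):
    """Return findings for one domain; an empty list means it is enforced."""
    tags = parse_tags(dmarc_txt or "")
    if tags.get("v") != "DMARC1":
        return [f"{name}: no valid DMARC record, spoofed mail is not blocked"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"{name}: p={policy or 'missing'} only monitors")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"{name}: pct={pct} enforces on a sample only")
    if "rua" not in tags:
        findings.append(f"{name}: no rua address, no aggregate reports")
    if not sends_mail:
        # A non-sending domain authorizes no sender and rejects everything.
        if policy != "reject":
            findings.append(f"{name}: non-sending domain needs p=reject")
        if (spf_txt or "").split() != ["v=spf1", "-all"]:
            findings.append(f"{name}: non-sending domain needs 'v=spf1 -all'")
    return findings

INVENTORY = [  # (domain, sends mail?, _dmarc TXT, SPF TXT), all constructed
    ("example.com", True, "v=DMARC1; p=reject; rua=mailto:d@example.com",
     "v=spf1 include:_spf.example.com -all"),
    ("example.net", True, "v=DMARC1; p=none; rua=mailto:d@example.net",
     "v=spf1 mx ~all"),
    ("example.org", False, None, None),
    ("parked.example", False, "v=DMARC1; p=quarantine; pct=50", "v=spf1 ~all"),
]

def audit_inventory(inventory):
    """Map each domain to its list of findings."""
    return {row[0]: audit_domain(*row) for row in inventory}

if __name__ == "__main__":
    for domain, findings in audit_inventory(INVENTORY).items():
        print(domain, "OK" if not findings else findings)
```

A domain with an empty findings list publishes an enforcing policy; a `p=none` record still yields reports through `rua` but leaves spoofed mail deliverable.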
Step 4: Data Loss Prevention
Organizations can do a lot to prevent criminal intrusion. What is often neglected, however, is ensuring that sensitive data cannot leave the company electronically. An effective email security strategy takes this into account as well, including the case that employees inadvertently disclose sensitive data. This means that the email security tool looks not only at incoming data, but also at outgoing data. Ideally, it combines encryption with data loss prevention (DLP). This reduces the risk of losing the data, and the encryption also ensures that the data cannot be used even if it is stolen.
Step 5: Real-time response
No security solution can block all attacks. Therefore, every company must be prepared for emergencies. That means responding to an incident must be part of a comprehensive security strategy because, as the current reporting shows, the criminals are unfortunately always successful, viewed from their own perspective. When that happens, it is important to react quickly and in an organized manner in order to minimize the possible damage of the attack. The better prepared a company is here, the greater the success in containing the attack.
Together, these five steps deliver a sustainable improvement in the digital security of companies. Only the combination of technology and people, based on an intelligent, comprehensive and forward-looking security strategy, will help to set the hurdles for the criminals so high that their attacks will no longer be crowned with success. In short, the best defense is knowledge, understanding and preparation.