Your email inbox is a hotbed for potential threats, which makes email security a topic that you should not ignore. Email threats have been around for some time, but these threats are continually evolving, which means your knowledge should be as well. The threat landscape is dynamic, and we want to prepare users for the latest trends.
Barracuda Networks has put together a report on the latest security trends, and we’ve highlighted the most significant news to keep users up to date.
On Trend for Email Security
1. Growing Targets
According to the research a full 87 % of the 634 IT security professionals surveyed, said their company had faced an attempted email-based threat in the past year. Unfortunately, email threats are only getting worse. 81% of respondents said the frequency of email-based attacks has increased in the past 12 months, and the same percentage said the cost of a breach had risen as well.
2. Get Rich Quick
Company size played a significant factor when it came to what type of email security attack would be most expensive for their company. IT professionals at organizations with more than 5,000 employees were most concerned about stolen information (52%). IT pros at small to medium-sized companies (SMB) thought ransomware (44%) or business email compromise (30%) would be more expensive.
When a cybercriminal formulates a new attack, large enterprises will often experience these threats before they hit the SMB are often the first to be targeted by new types of attacks, with the danger spreading to the SMB markets after. That’s why SMBs are seeing a lot of ransomware right now, but based on what’s happening at the enterprise level, small businesses need to get ready for spear phishing and account takeover, two emerging threats.
3. Everybody’s at Risk
No matter what level in the firm you are, you are at risk. IT professionals believe that both executives and average users are susceptible to falling for a fake email. 46% thought individual contributors would be most vulnerable, while 39% said executives would be most likely to be tricked. It’s important to remember that executives have access to more sensitive data which means a higher payout for criminals. It’s a factor that helps explain the increasing popularity of spear phishing and whaling.
Email Attacks are Working Smarter not Harder
Ransomware and business email compromise are considered newer threats in email security. However, they’re quickly becoming popular with cybercriminals because they cut out the middleman. With ransomware and spear phishing, the criminals get paid directly instead of waiting to find a buyer on the dark web for the stolen information.
Spear phishing is more targeted and personalized than other phishing attacks. Currently, legacy email security solutions can’t stop these attacks because there aren’t any malicious links or attachments. Instead, they usually feature seemingly legitimate requests to wire money.
These attacks can also evolve into account takeovers. Savvy cybercriminals are using spear phishing to get Office 365 login credentials for targeted individuals and then using the compromised account to send more convincing spear-phishing emails to other individuals in the organization.
Such a savvy attack means that training and preventative measures are critical. These threats can most times be undetectable to the human eye and require machine learning to analyze communications patterns to identify and prevent spear phishing attacks. A product like Barracuda Sentinel can do this since it is an API-based program and not gateway-based. This means it can detect attacks the gateway can’t, such as a compromised account sending out bad emails internally. Using artificial intelligence (AI), the Sentinel platform can also help identify individuals that are most likely to be at risk for spear phishing so that users can have anti-fraud training.
Sentinel also includes an intuitive wizard for setting up DMARC (domain-based authentication reporting & conformance). Enabling DMARC helps ensure deliverability of legitimate emails and prevents unauthorized emails from being sent from customer domains.
Ch-ch-Changing your Email Security
In light of these trends, it’s essential that your firm is doing everything possible to help strengthen their email security. For example, as Office 365 and other cloud applications gain popularity, many companies are relying on the native security included in those platforms. Unfortunately, that native security doesn’t offer the same level of protection as third-party solutions.
Firms should establish a multi-layered approach to security to keep their businesses more secure. This approach starts with standard email security, but then you need to add backup and archiving. Now, you need to add the next layer of protection to address spear phishing and account takeover.
Easy-to-deploy, easy-to-manage, multi-layered security solutions are the ideal choices for firms who want to start fully protecting from email threats.
This layered approach includes:
- Email Security with Advanced Threat Protection to stop advanced threats before they reach your customers’ inboxes
- Cloud-to-Cloud Backup for Office 365 to protect Exchange Online mailboxes
- Cloud Email Archiving Service to ensure compliance
- Barracuda Sentinel to provide AI-based fraud detection and protection against domain spoofing and brand hijacking
Spear phishing and account takeover isn’t the end, though. The threat landscape will continue to evolve, so it’s time to start adopting email security best practices. To help train users, services such as PhishLine provide security awareness training that includes advanced phishing simulation.
It’s crucial you begin securing your email. Otherwise it may become too late and your firm will wind up paying the (VERY) expensive consequences.