Why is email protection necessary?
According to Barracuda, there are 13 types of email-based threats that companies need to protect against for a start. They range from the most minor, such as spam, malware and URL phishing, to the more complex and harder to defend against, such as brand impersonation, conversation hijacking and account takeover.
According to Statista, following a survey of global MSPs (Managed Security Providers), there were 304 million ransomware attacks (not attempts, attacks) worldwide in 2020, a 62% increase on the year before. Statista further reports that 54% of these cyber security attacks originated via email, twice the share of the next most common cause, poor user practices (27%).
With the number of threats increasing, statistics like these make for alarming reading. Email security is a must for any business. It's not that employees or users are asleep at the wheel or negligent. The issue is that cybercriminals are very clever, and they exploit the weaknesses in businesses exceptionally effectively.
Hiscox, the business insurer, estimates that the average clean-up cost for a small business following a cyber security incident is just shy of £30,000. It's hard to argue that an investment in email security is any less significant than the cyber insurance that a company like Hiscox provides.
Email security plays a significant part in protecting employees and users against these attempts to catch them off guard and, in doing so, protects the business. As with any other type of insurance policy, it is not bought in the hope you become a victim. It is bought to prevent you from becoming a victim.
How does email security work?
Email security works by receiving and sending emails through a secure email gateway (SEG). This gateway can be hosted on-site within your network or hosted by an email security service provider in the cloud.
All inbound and outbound email is routed through this email security gateway. Multiple different inspection processes are performed before the email is delivered, rejected/blocked, or quarantined for further user evaluation.
The most common inspection processes and technologies are spam and anti-virus filters, matching against known IP and address reputation databases and, most recently, artificial intelligence technology.
Email security platforms make wide use of the SPF, DKIM and DMARC protocols to decide whether to accept or reject mail. However, these protocols will only help with known threats.
DMARC – Domain-based Message Authentication, Reporting & Conformance is a policy that authenticates email. These policies are broadcast through the Domain Name System, which is public and means that anyone can add DMARC to help prevent their email domain from being hijacked or spoofed.
DMARC is an extension of the commonly used SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols. However, these protocols are nearly 20 years old (DKIM was introduced in 2004 and SPF in 2000).
Common standard technologies such as spam, anti-virus, and IP/address filters respond to known threats. AI technology is now being used by some vendors to address what are referred to as Zero-Day Threats. Zero-Day Threats are attacks that have not been seen before and have no known IP or address reputation footprint. Tools such as sandboxing and behavioural inspection can ensure that email traffic that falls outside of familiar routes and protocols (e.g. the FD asking the Payroll Manager to transfer money somewhere when this has never been a request before) is safeguarded. Sandboxing such an email aims to catch threats that bypass standard anti-virus and spam-based inspections.
What are the types of email security?
Email security covers many protections, all of which aim to screen out email threats before they arrive in a user's inbox or are broadcast outside of your organisation.
Most commonly, users will recognise features such as Virus and Spam filters/protection. Still, with email being the number one source for instigating a cyber-attack, comprehensive email security needs to cover so much more.
Anti-Phishing protection is a must-have. Phishing is a process where the attacker has the sole purpose of stealing personal or highly sensitive data, such as financial details or details that could allow them to impersonate you or your company.
Email phishing is by far the most common. It is often delivered using a blanket/mass blast approach that leads the recipient to an exact copy of a well-known or familiar website, where the details they input end up in the attacker's database for later use.
Spear phishing is a much more targeted approach, where specific individuals (e.g. a Financial Controller or Payroll Administrator) are singled out in an attempt to have funds paid outside of the organisation.
Regardless of what type of phishing is employed (Email, Spear, Whaling, Clone etc.), a well-engineered email security platform should have robust Anti-Phishing policies that can defend against a whole range of attacks.
Typosquatting detection and link protection are also high on the desirable list for email security. Typosquatting is where cybercriminals customise an email template in the brand of a well-known organisation, like your bank, email provider or favourite social media site. Hackers then insert a link that will launch malware if clicked or take you to a site where the hacker can capture sensitive details. An example of this might be www.faecbook.com. Anyone in a hurry or busy and not paying full attention may well miss that the 'e' and 'c' are reversed and click the link. By then, it's too late: the ransomware is deployed, and it's just a matter of time before the call comes with the ransom demand.
Link protection is undoubtedly a feature of email security that can help. Any link within an email, whether from a trusted source or not, can be scanned and even opened in a sandbox, where the resultant actions run in a contained environment that will not impact a live network. The sandbox ensures that any links within emails are from known or trusted sources, and if not, they are removed from harm's way before being followed.
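One way a link-protection step can catch a lookalike such as www.faecbook.com is to compare each link's hostname against a list of protected brands using an edit distance that counts swapped adjacent letters as a single change. The following is an added example, not code from the original article or any product; the function names, the brand list and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the organisation maintains its own list of brands to protect.
PROTECTED = ["facebook.com", "paypal.com", "microsoft.com"]


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]


def lookalike_links(body, max_distance=2):
    """Return (host, imitated_brand, distance) for links that nearly match a brand."""
    hits = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if any(host == b or host.endswith("." + b) for b in PROTECTED):
            continue  # genuine domain or one of its subdomains
        dist, brand = min((osa_distance(host, b), b) for b in PROTECTED)
        if dist <= max_distance:
            hits.append((host, brand, dist))
    return hits


# Constructed sample message; only the second link is a lookalike.
SAMPLE = """Your account needs attention.
Help centre: https://www.facebook.com/help
Sign in here: http://www.faecbook.com/login
Unsubscribe: https://news.example.org/unsub"""

if __name__ == "__main__":
    for host, brand, dist in lookalike_links(SAMPLE):
        print(f"{host} imitates {brand} (distance {dist})")
```

The comparison is on the whole hostname with only a leading www. removed, so a fuller check would first reduce each host to its registrable domain using the Public Suffix List.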
Filtering & encryption
Outbound email filtering and outbound email encryption are also part of a respected email security solution, ensuring that any trojans, viruses, or malware that have made their way into a given network are not broadcast from your company email. First and foremost, filtering and encryption prevent your company from being responsible for taking down a customer or supplier, which may cause irreparable harm to your stakeholders and your business reputation.
A business can employ extra protection for highly sensitive data (e.g. email emanating from board-level user accounts). An email security service could also encrypt email data so that any emails that are intercepted would be difficult, if not impossible, to decode.