The Lowdown on Email Security Solutions
Home / Email Security, Email Protection and Email Filtering / The Lowdown on Email Security Solutions
Everything you need to know about email security solutions (but were afraid to ask)
It would be an unusual business that wasn’t dependent on emails to some degree. From the smallest solo business to a global enterprise, email makes the communication wheels go around. Because of the widespread use of email and its deep integration into our businesses and lives, email has also become the go-to vector for a cyber-attack.
The statistics show that email continues to be the number one threat with phishing threats increasing by 161% in 2021. Keeping email secure requires an understanding of how emails are at threat by both malicious and non-malicious persons (accidental insiders) and how to protect corporate email against these threats.
This is a guide to the building blocks of an email security solution and how they can help your organization beat email-related cyber-threats.
Email is the perfect communication channel for cybercriminals to exploit. Emails often carry sensitive data, may include proprietary intellectual property of a company, and can be used to socially engineer and manipulate employees. As such, the email provides an ideal mechanism to enter a company and further exploit its resources. But protecting emails is a holistic exercise that requires both inbound and outbound security mechanisms to ensure 360-degree protection.
Sign up for a FREE Demo of SpamTitan to learn how it works to protect your business from malicious email threats.
Book Free DemoEmail-based cyber-attacks cover a lot of ground, but some of the most prevalent are:
Spear phishing emails are highly targeted and used in complex scams including BEC (see below). However, they are also the perfect way to infect a company with ransomware. Spear-phishing is so-named because the malicious email focuses on individuals with privileged access to web servers and similar. If an employee falls for the sophisticated series of social engineering tricks inherent in a spear-phishing attack, the result can be ransomware infection. In 2021, 37% of organizations suffered a ransomware attack. According to the US Treasury Department, the average monthly ransomware transaction amount in 2021 was $102.3 million.
BEC was described in a recent publication from the FBI as “one of the most financially damaging online crimes.” Figures from the IC3 show that in 2020, cybercriminals exploited over $2 billion from U.S. businesses using BEC techniques.
BEC attackers use emails as the starting point of a complex scam that results in the theft of money, typically via a misdirected wire. The scam usually involves surveillance of emails; this may require an email account of a targeted person, such as a CEO, to be compromised. This is often carried out by sending a spear-phishing email that targets this person. This leads to stolen credentials, which allows hackers access to company accounts. Once that happens, the fraudster will watch the email traffic, looking for billing and invoicing opportunities to take advantage of. BEC fraudsters typically modify an invoice to include their bank details, the monies then being transferred to that bank.
Data breaches are still prolific but there is some good news. According to research from RiskBasedSecurity, in the first half of 2021, 18.8 billion records were exposed, which is a 32% decrease compared to H1 2020. However, as the year passed, data records continued to be exposed with 217 million data records breached in December. Data breaches, such as these, have been shown to originate with a phishing email. The 2021 IBM Cost of a Data Breach report, found that stolen login credentials (e.g. passwords) were the most common cause of a data breach. The report highlighted that these credentials are stolen by phishing. Reports consistently show that phishing is predominantly used to steal credentials, one report finding that 74% of phishing emails were used for credential theft.
The spectrum of email-borne cyber-attacks requires a holistic approach to email security in the form of a set of specialized building blocks that make up an email security solution.
There is a multitude of examples of compromised emails leading to cybersecurity attacks. These attacks cover a myriad of attack types and tactics. The common thread through all is that an email is involved at some point.
Cybercriminals sometimes use existing hacked email accounts to propagate phishing emails to make them look believable, and therefore, circumvent security awareness training. A form of phishing known as “email chain hijacking” uses compromised email accounts from previous phishing expeditions, to then send out legitimate looking phishing emails.
IKEA suffered an email chain hijacking attack that originated from compromised Microsoft Exchange servers. The attackers used IKEA mailboxes to send out malicious phishing emails, with a malware-laden attachment, to employees. IKEA was able to prevent continued damage from the attack using an email security gateway.
Around 14 IT service providers were affected by the Nobelium hacker gang, the group behind the SolarWinds cyber-attack. The SolarWinds SUNBURST attack began with a spear-phishing email that led to compromised Office 365 accounts. The result was that 18,000 companies across the world were infected with malware. In this latest Nobelium attack, resellers and the IT supply chain were targeted in an attempt to propagate malware across their extended customer base. Phishing of people with privileged accounts is the key tactic used by Nobelium to compromise corporate accounts and infiltrate downstream customers.
In 2020, the Puerto Rican Government found itself a victim of a $4 million BEC fraud attack. This attack involved a hacked email account, used to then send out seemingly legitimate emails, tricking people at some government agencies into sending funds.
This focus from the cybercriminal community on the very communication lifeblood of the enterprise, the email, means that an organization must have an email security strategy in place. Email threats are insidious and an ever-present threat. The problem is that these threats evolve, and advanced email security is required to tackle them. An email security strategy should cover several areas:
Having visibility is a vital part of understanding the threat landscape of the corporate environment. This should include an analysis of the types of threats your organization is likely to be at risk of, which email accounts are likely to be targeted by spear-phishing, which accounts may be spoofed, and so on.
An assessment of the likely threats and what form they take is needed. This should extend to phishing, spam emails, adult content, and potential BEC emails. An email security solution should provide the functionality to detect and respond to the various types of email-borne threats.
Sign up for a FREE Demo of SpamTitan to learn how it works to protect your business from malicious email threats.
Book Free DemoYour email security strategy should recognize the changing threat landscape of email-borne threats. These threats should not be limited to inbound email threats. Instead, your strategy should encompass changing threats across the entire email lifecycle from email generation to archival.
An email security strategy should cover both inbound and outbound email security threats. Data loss potential from outbound emails should also be analyzed to ensure that an effective email security solution can offer data loss prevention capability that does not impact employee productivity.
Email security is not achieved by using a point solution. Because email-borne threats are so diverse, they require a similarly diverse but focused response. An email security solution must offer several building blocks to protect against security threats to both inbound and outbound email: each protection mechanism being part of a layered approach to the security of email traffic.
Email protection software is a holistic system that provides detection, prevention, and response to cyber-threats that are email-borne. The building blocks that create an email security solution are:
Protection against phishing: solutions such as SpamTitan, are designed to block email spam and prevent phishing attacks. Anti-spam/anti-phishing protection is the foundation stone of an email security solution. Anti-phishing solutions carry out scans on any inbound emails to detect malware such as ransomware, and to check for malicious links. These scans stop phishing messages and the malicious links and/or malware they contain before they reach an employee's inbox. A single click on a malicious link can lead to a BEC attack or a ransomware infection, so this first line of defense is a crucial component of an email security solution.
Email encryption: the confidentiality and integrity of an email are protected by using encryption. Email encryption is, again, not a point solution but has several nuanced aspects, discussed later in this article. Comprehensive email security solutions will be able to apply encryption across a variety of email use cases to ensure the best and most optimized fit.
DNS filtering: phishing and spam emails often contain malicious or inappropriate links. DNS filters, prevent employees from navigating to spoof or infected websites by checking the link and preventing access before the nefarious website opens. DNS filtering is part of an email protection solution and adds an important layer of security to stop illegitimate internet access.
Email archiving: email archiving can often be forgotten when considering email security. However, making sure that stored emails are protected is a vital building block of an email security solution. Secure email archiving forms part of a wider email protection system and should be part of your overall security strategy. Secure email archiving provides the means for disaster recovery and business continuity. Archived emails are insurance against accidental data loss during outages and other events.
Protect your business from advanced security threats with SpamTitan email security. Learn how it works today.
Book Free DemoAn email security solution may have all the building blocks shown above. However, it is in the execution and delivery that sets a great email security solution apart.
Emails can be intercepted, hacked, and accidentally sent to the wrong person, potentially exposing sensitive data. Email encryption helps to prevent all the above, but there are many aspects to encrypting emails effectively. Email encryption is used to maintain the confidentiality and integrity of the body content and attachments within an email. Encryption is used to protect emails during transit and can also be used post-delivery. EncryptTitan delivers email encryption across the email lifecycle:
EncryptTitan uses TLS (Transport Layer Security) for protection during email transit. TLS is a protocol that allows an email to be sent encrypted when it is transmitted between sender and recipient. TLS prevents Man-in-the-Middle (MitM) attacks and so stops nefarious persons from hijacking emails as they are transmitted. EncryptTitan uses TLS-Verify, which removes any additional steps needed by a recipient to read the encrypted message; this improves the usability of email encryption, reducing human error associated with email encryption use.
TLS is a fundamental protocol layer in secure email transmission. However, end-to-end encryption of emails adds another layer to the protection of extra-sensitive emails. Using end-to-end encryption requires the recipient to authenticate themselves to decrypt the message; this ensures only the correct recipient can read the message.
Keywords or phrases can be used to trigger automatic email encryption; Email security that offers this method of encryption uses a set of keyword rules defined by a system administrator; if an email contains one or more of these words, the email will be automatically encrypted on clicking send. Email encryption solutions such as EncryptTitan, offer keyword encryption. However, these solutions must allow for the granular application of the rules along with the enforcement of encryption policies. For example, a solution should allow an administrator to set rules that define when an email is encrypted, for example, outgoing emails only.
Fraudsters are continually upping their game to evade email filters. But filters are an important first line of defense against malicious emails. Anti-phishing filters need to be smart enough to allow legitimate emails through, whilst blocking malicious emails. This comes in the form of several increasingly smart layers, each playing a part in the detection and prevention of phishing:
Filters are used to detect known words found in nefarious emails. Once found, the filter will block or quarantine the email.
Blacklists or whitelists based on known IP addresses and domains can be used to prevent/allow incoming emails
The header of an email can include spam indicators. These indicators can be included in filter rules. If an email header is recognized by the filtering rule it will be blocked.
The use of machine learning (ML) allows a filter to automatically update tactics to reflect any changes in environments and/or spam methods.
Heuristic spam filters use machine learning algorithms to identify spam. Based on a scoring system, incoming emails can be blocked or quarantined. Heuristic filters are reactive and useful in the current threat landscape.
This is a type of heuristic filter that creates increasingly effective rules over time: employees can also interact with the filter to help train the filter to increase accuracy.
Outgoing emails are as important to secure as those that are incoming. Email security solutions such as SpamTitan provide a two-way filter system to secure both inbound and outbound emails. In the case of outbound emails, this helps to stop sensitive data leaks. Protecting outbound emails includes checking corporate emails for spam and viruses to prevent the organization´s IP addresses from being blacklisted by global blacklisting services.
All the building blocks of an email security solution would be for nothing if the solution is not easy to use, administer, and deploy. In our cloud-first corporate world, any email security solution should be cloud-based. The centralized management afforded by a cloud solution will make sure that deployment across the expanded corporate network, including remote devices, is simple and fast. Cloud-based email security solutions also ensure that email protection updates are automatically rolled out across all devices and computers. The fast-changing nature of cloud environments and devices that need cloud-enabled deployment and management of an email security platform is essential.
Similarly, administration and management of the various components of a comprehensive email security solution should be easy to perform via a central console. This console should allow administrators to set up and maintain the policies and settings needed to manage email security easily across the enterprise email network.
SpamTitan has been designed as a comprehensive, intelligent, and multi-component email security solution. SpamTitan delivers a powerful set of email security building blocks to fit all the various email use cases of the modern enterprise. It is the attention to detail in its design, that means SpamTitan can offer the levels of granularity of choice and seamless integration with existing cloud apps such as Office 365, needed to take into a league of its own in protecting your corporate emails. Whether your emails are outbound containing sensitive data, or malicious and inbound hoping to steal data, SpamTitan will ensure that your company is continuously protected.
To keep your email security at peak fitness, sign up for a trial of SpamTitan.
Protect your business from advanced security threats with SpamTitan email security. Learn how it works today.
Book Free Demo
