Email Cybersecurity Must Evolve to Combat Threats

Every business that takes cybersecurity seriously has a multi-layered approach to defending its uptime and data against the ocean of current threats. In 2021, those menaces range from ransomware to software supply chain attacks to breaches of cloud data repositories. To fight them, we deploy a variety of technologies in front of and inside our applications, networks and endpoints. We hire tech staffers skilled at threat hunting and vulnerability management. We drill our employees on good password hygiene and security awareness. And where do attackers still defeat our carefully, expensively constructed array of cybersecurity countermeasures? Email. 

That’s right: Dull, ubiquitous, ancient-but-still-essential email provides the means for delivering a whopping 94% of successful malware-based cyberattacks, per Verizon’s 2021 Data Breach Investigations Report. These inevitably involve phishing: Emails that use social engineering techniques to lure unwitting users into trusting the purported sender enough to click on a link or open an attachment, catalyzing a ransomware attack or worse.

Research from Acronis Cyber Protect Operation Centers detected a 62% increase in phishing attacks in Q2 2021. Living our lives on social media makes the job of crafting convincing phishing emails easy (“Hello, college alumni association; happy to click on your link!”). The billions of credentials that have been compromised by large-scale data breaches in recent years provide access to another rich trove of raw material for composing convincing phishing emails as well as seemingly trustworthy email sources. Our pandemic-driven reliance on remote work makes fake login pages for Zoom, OneDrive and other collaboration apps more effective lures. Crimeware-as-a-service has recruited legions of low-skilled cybercriminals to become phishing email manufacturers and distributors. As long as it works, adversaries will continue to lean heavily on email as the easiest, most profitable attack vector.

Cybercriminals’ Evolving Tactics

Attackers' tactics keep evolving, taking advantage of new technologies like machine learning to iterate and optimize their phishing schemes. In 2021, you’re much likelier to get a phishing email from a source that looks legitimate because, in fact, it comes from a legitimate account—just one that has been compromised by an attacker, increasingly by abusing a SaaS application or trusted cloud. Multi-factor authentication isn’t as bulletproof as it once was thanks to MFA and OAuth phishing techniques. Business email compromise (BEC) attacks targeting executives have become a growth industry, as your typical higher-up is likelier to be able to move large sums of money, wield elevated administrative privileges, and have access to sensitive intellectual property and employee information.

To combat these newly sophisticated, more finely-targeted and increasingly costly attacks, businesses must consider deploying a combination of time-tested and new defensive techniques that collectively fall under the rubric of advanced email security, which includes:

  • Content checking that includes maintaining block lists of known malicious senders, filters on suspicious keywords, sender reputation checks and spoofing countermeasures to verify senders
  • Attachment analysis techniques that include dynamic sandboxing to open attachments and watch for malicious behaviors, AV scanning enhanced by file blocklists, static file analysis and content disarming and reconstruction (CDR) to catch embedded malicious macros
  • Expansion of the scope of email protection to include cloud-native applications, inline pre-delivery, XDR and automated indicators of compromise (IoC) sharing
  • Contextual awareness that uses AI and natural language processing to flag suspicious emails by comparing their content, context and sentiment against known users’ writing styles and behaviors
  • AI-based analysis to track and baseline normal user behaviors to better identify anomalous behaviors, e.g., suspicious timing or origin of emails 
  • Greater data collection through the use of honeypots and spam traps, augmented with user-oriented measures like the implementation of reporting forms and regular use of phishing tests to measure user security awareness
  • URL analysis to identify spoofed sources through URL scanning, analysis via OCR and image checking and post-delivery URL checks.
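
As an added illustration of the content-checking and URL-analysis items above (example code, not from the article or from any vendor product), the sketch below triages one message for failed sender authentication, a Reply-To domain that differs from the From domain, and links whose visible text names a different host than their target. The sample message, the trusted MTA name `mx.corp.example.com` and the exact-match domain comparison are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; all names use reserved example domains.
SAMPLE = """\
From: Alumni Association <news@alumni.example.edu>
Reply-To: collect@other.example.org
To: user@corp.example.com
Subject: Reunion registration
Authentication-Results: mx.corp.example.com; spf=pass smtp.mailfrom=bulk-sender.example.net; dkim=none; dmarc=fail header.from=alumni.example.edu
Content-Type: text/html

<a href="http://login.bulk-sender.example.net/reg">https://alumni.example.edu/register</a>
"""

def domain(addr_header):
    """Lower-cased domain of an address header ('' if absent). Exact match only:
    a production check would compare registrable domains."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted_mta="mx.corp.example.com"):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Only trust Authentication-Results stamped by our own MTA; a sender can
    # insert a forged header carrying any verdict it likes.
    auth = [h for h in msg.get_all("Authentication-Results", [])
            if h.split(";")[0].strip() == trusted_mta]
    if not auth:
        findings.append("no Authentication-Results from trusted MTA")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", " ".join(auth)):
        if result != "pass":
            findings.append(f"{mech}={result}")
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} != from domain {from_dom}")
    # Flag anchors whose visible text is a URL on a different host than the href.
    links = re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', msg.get_payload(), re.I)
    for href, text in links:
        shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and target and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
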

Back to Email Security Basics

This array of tactics has become an essential new arsenal in the fight against email-borne cyberattacks. Meanwhile, tech leaders must not neglect certain essential, foundational measures:

  • Strong authentication remains a critical tool to protect against the kind of account compromise that makes it easy for attackers to send malicious emails from known, trusted sources. Without it, “Only open emails from sources you trust” becomes much weaker.
  • Encryption and email signing can be costly but effectively protect against attackers attempting to compromise emails at various points along the delivery path.
  • Cybersecurity hygiene should include routine checks on email configurations and vigilant monitoring of email logs, however rote and dull that work can be. 
  • A well-crafted and frequently rehearsed incident response program will help contain and minimize the data loss and downtime that result when an email-borne malware attack inevitably manages to evade your defenses.

The outlook for the growth of cybercrime is grim: Last year, research firm Cybersecurity Ventures projected its damages worldwide to increase by 15% per year, reaching $10.5 trillion by 2025. That means that cybersecurity pros will have to remain vigilant and keep investing in processes, people and technology to keep pace. Given the ongoing, overwhelming popularity of email-borne attacks, the triage-minded among us will correctly place renewed emphasis on shoring up our defenses with advanced email security.

James Slaby

James R. Slaby is the Director of Cyber Protection at Acronis. Previously, Slaby was an industry analyst covering cybersecurity, cloud computing and networking at Forrester Research, HFS Research, Yankee Group and The Info Pro. He has also held solutions, vertical, product and campaign marketing roles at tech security and networking vendors including Sonus, Acme Packet, Bay Networks and Motorola.