This is number three in our series that will aim to provide you with more guidance on the fundamentals of cyber security, this time focusing on Email Security.
By focusing on these cyber basics you can significantly improve your cyber maturity and help prevent over 80% of the common cyber threats active today.
As we explained in the previous post, email has been the biggest vector used in cyber-attacks for many years, with over 95% of attacks delivered using email. Email attacks have a high success rate for the bad guys, which is the reason why they are only continuing to increase.
Most email attacks such as phishing, rely on deceiving the user, or impersonating a trusted source; the goal is to convince the target to click a malicious link, or download a malicious attachment. Once clicked or downloaded, you could be directed to a bad site that steals credentials, or malware could be installed on your device.
Now some people reading the above paragraph, will see phishing, clicking on links and downloading attachments, and immediately jump to Security Awareness training for users, as the preventative measure to stop these threats.
Although this is a reasonable jump, and is definitely a valid response to dealing with these challenges, like other controls it is not a silver bullet to the problem.
Just to be clear, there is no silver bullet single solution that can solve all your security problems.
Awareness training is a great tool, but we humans have a knack of making mistakes; even seasoned infosec veterans can fall victim and click stuff if they have a lapse in concentration or haven’t had enough coffee in the morning.
This is why training alone is not enough. In true defence in depth style, we also need technology to assist us with preventing threats, when these mistakes inevitably happen.
This is where an Email Security solution comes in, to protect our users from ever-present evolving email attacks.
Below we will cover some of the key benefits provided by modern Email Security solutions.
Spam is an unwanted junk email message that can originate from a business promoting ads for commercial benefit, or most often when used to deliver online scams. Typical scams include ‘You have won a prize - send us all your details so we can pay you’, or the old school Nigerian Prince scheme, that promises you millions in exchange for your bank account details. Spam has been a huge nuisance to users and email administrators alike for many years.
When email went mainstream in the 90’s, spam took off, bombarding users mailboxes with junk. The very first email security products focused on filtering out this spam.
Today, Spam accounts for more than 80% of email sent every day. According to Cisco Talos, during August 2020 they witnessed a total of 406 Billion emails sent, of which 344 Billion were Spam.
By preventing Spam you can increase productivity, allowing users to get to the important messages quicker, while email admins have less demand on their time having to deal with high levels of unwanted email.
While Spam is largely an annoyance due to the volume of unwanted emails received, phishing presents a very real threat to anyone with an email account. A phishing attack aims to trick the user into taking an action and handing over sensitive information.
Attackers send masses of fake emails to potential victims, mimicking real companies like Google, Facebook, Amazon and PayPal, in an attempt to steal your credentials, money, or personal information. Once the bad guys have your information, they can gain access to your accounts and company systems, commit identity fraud, or sell your personal information on dark web forums.
Attackers have real success with phishing, which is why some groups work hard on evolving their phishing emails, making them as convincing as possible. Unfortunately this makes it much harder for our users to spot, which is why we need technology, in the form of email security, to detect and stop it for us.
A common inclusion in most email attacks today, whether phishing or scams, is the presence of malicious links. These bad links, when clicked, direct the victim to an online site or service with the intention of stealing personal information, gaining access to user accounts (usernames and passwords) or downloading malware to infect your PC or mobile device.
With Email Security, users are protected via link rewrite and inspection features. Before the email is delivered to the users inbox the email security solution will change the link to point it to the email inspection engine. In the inevitable event that a user clicks one of these links, email security will inspect it before allowing access to it. If the inspection determines the link is bad, the user will presented with an onscreen block notification.
Like Spam, malicious email attachments have been around since the early days of email. With no real prevention in place initially, hackers would send virus file attachments to unsuspecting users, knowing they had a very high probability of being opened. Once executed the attachments infect the device with malware (viruses, trojan horses, worms etc.), gaining control of the device, deleting files, or spreading the malware to other users.
Although mail services have improved in protecting users, the basic offerings do not deliver sufficient prevention. Attackers are now constantly evolving their malware to disguise it and bypass these default protection measures.
One of the biggest threats today is a piece of malware called Emotet. Emotet is a great example of advanced malware, that leverages email to infect its victims via malicious Office document attachments. More information on Emotet can be found here.
Email security is a must for enabling effective protection against malicious attachments. Each vendor solution works slightly differently, but essentially the attachment is scanned prior to the email being delivered to the user. If it is deemed bad the attachment is quarantined immediately preventing the threat; typically email security then notifies the user and email administrator of the block.
The third post in the cyber basics series covers the essentials of email security and the benefits to an organisation. With email being a primary starting point for cyber-attacks, securing your email services has never been more important.
As described, continuing with the basic security measures provided by email clients and services is not enough to prevent todays modern emails attacks. Vendor solutions such as Cisco’s Email Security / Cloud Mailbox Defense, Microsoft’s Advanced Threat Protection, and Proofpoint’s Email Security / Essentials for Small Business, are just a few examples that can significantly improve your email defences.
We have not included an exhaustive list of features here, instead we have focused on some of the key benefits and protection points email security can provide.
To summarise, Email Security:
To conclude Email Security is an important component of your Cyber Basics delivery.
We hope this post has been useful and please stay tuned for further articles in this Cyber Basics series.
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.