Attackers frequently adapted their email-based techniques throughout 2022, cycling through new and old tactics in the hopes of evading human and cybersecurity measures.
Data from the 2022 OpenText Cybersecurity Threat Report showed a 1,122% increase in phishing in the first quarter of 2022 compared to 2021. Not surprising, there is no sign of a slowdown as email continues to be a primary attack vector in 2023.
An email attack has many ramifications, including reputational damage, compliance violations, fines and downtime - all of which can result in loss of revenue, customers and even business closure.
According to IBM, the average cost of a data breach in the United States is $9.44 million -$4.35 million globally. When you consider that the average small and medium business makes $2.1 million per year, you see that most SMBs are unable to sustain a breach.
As if the evolving threat landscape wasn’t enough, staffing issues, due in part to a complex economic environment, mean organizations are left to do more with less. With limited security resources and time, simple but effective security must be a priority.
Understanding Email Risks
While phishing, ransomware, business email compromise and spam are often the primary focus when discussing email threats, risks are not limited to inbound emails. Outbound emails also pose a significant risk. This is especially true when sharing confidential data and personally identifiable information. If not secured, a bad actor can intercept an email. And even if an email is encrypted, it doesn’t mean it is safe. If the sender is infected, they will infect others. Or, in the case of a nefarious employee, if the employee has unauthorized access to sensitive information, they can easily leak information through encrypted email unless policies are defined to control and prevent it.
Threat actors are refining their techniques while doubling down on long-standing phishing tactics and ransomware. They are using deep fakes, artificial intelligence and social engineering to evade defenses. Despite the discouraging numbers, all is not bleak. Data from the 2023 OpenText Cybersecurity Threat Report confirms that building a multilayered approach to defense is core to cybersecurity and cyber resilience.
Implementing a Layered Defense
A layered security approach should include detecting, blocking and filtering out malicious emails and attachments. Email filters can pick up on and quarantine suspicious messages. Artificial intelligence and machine learning can distinguish phishing emails from genuine emails and prevent any malicious content from reaching an employee’s inbox.
Encryption should be used by all companies, regardless of size. Often, smaller businesses forego encryption technology because it is perceived as being too cumbersome or simply not necessary. Encryption technology exists that is built specifically for SMBs and managed service providers; it is easy to use and implement. Look for software vendors that provide the public key infrastructure - PKI - rather than requiring a company to build their own. This greatly simplifies the encryption process as the vendor takes care of the encryption and decryption on behalf of the sender and the recipient. Because the encryption is handled behind the scenes, it is transparent to users.
Another option is a secure portal for use by third parties, partners, customers and others outside of network to initiate the email encryption that can be accessed anytime, anywhere from any device.
Visibility into encrypted email is essential for data loss prevention. To eliminate the threat of unauthorized users leaking sensitive information, implement data loss prevention policies to flag outbound encrypted emails that contain specific phrases, terms in the email header, content, and/or attachments to terms all that can be preset through policies
The ability to customize policies as well as import standard policy templates for compliance mandates such as GDPR and HIPAA can greatly streamline the process. Be sure to check with solution providers about upcharges for policy configurations - they should be included at no additional charge.
Combating email attacks requires cybersecurity and human awareness. Security awareness training teaches people not to automatically trust any email they receive. For even greater protection, add endpoint protection and DNS protection. After all, the more layers, the less likely it is that a threat actor will be successful. And if all else fails, backup and recovery solutions are essential to getting businesses up and running quickly, with minimal disruption.
Guest blog courtesy of OpenText Cybersecurity. Author Sam Kumarsamy is product marketing leader for OpenText Cybersecurity. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.