Email Security: The Current State and Way Forward
By Taradutt Pant | January 8, 2019
Email is the lifeline of any business in today’s world. It is one of the most important communication mediums in our global economy, with over 200 billion email messages sent and received worldwide every day.
According to Radicati’s Email Statistics Report, 2017-2021, the number of business email accounts is expected to grow from 1 billion in 2017 to 1.1 billion by 2021, with an estimated average annual growth rate of 2%.
This is why, Email is the favourite weapon for Cyber Criminals, since it allows them to reach millions of end users directly. It is the easiest way for a hacker to enter a network and execute tactics to accomplish an objective — be it stealing data, delivering a malicious payload or phishing for credentials. More than 90 percent of all successful Cyber Attacks begin with a Phishing email. And More than 93 percent of all phishing emails contain encryption ransomware. Also, it is not a surprise that Spam is still a huge problem and is growing continuously, with more than 54% of overall Email traffic being spam.
These are just some of the facts that show why email security should be the top most priority for the businesses right now.
Securing email is just no longer about blocking mass spam and phishing campaigns. Targeted email threats are on a horrible rise and pose a critical threat to every organisation. Business Email Compromise, Spear Phishing, Social Engineering, Advanced Persistent Threats or Zero Day attacks are common forms of such attacks.
These are advanced email threats which are complex, carefully planned, and are highly target driven. Traditional anti-spam and signature-based anti-malware solutions simply cannot stop these attacks.
Phishing is currently a major part of problem with email. But majority of those Phishing attacks can be blocked by implementing email authentication through DMARC, which prevents email impersonation downright. SPF (sender policy framework) tells a recipient where email from your organization should come from. DKIM (domain keys identified mail) cryptographically signs messages to both prevent tampering and confirm who sent the message. And, DMARC (domain-based message authentication, reporting, and conformance) allows a sender to tell recipients what SPF and DKIM results to expect, and what to do when the checks fail.
Coming to Advanced malware attacks, tackling these types of threats requires real time content analysis and filtering. Features like URL Discovery and analysis, URL Rewriting should be included to block malicious URLs. Further, detecting and blocking malwares, macros and dangerous file types as part of attachment protection is a primary need for any comprehensive email solution. Sandboxing should also be included as part of attachment protection for complete behaviour analysis.
When it comes to email security, we generally don’t consider our outbound phishing risk. We’re more concerned with protecting our employees and network by securing email coming into the organization and protecting our confidential data by monitoring and encrypting email going out of the organization. But cyber criminals quietly spoofing your company outside of your email gateway can badly hurt your reputation. Hence, Validating the emails generating internal to the organisation, or outbound is a must. Checking for Sensitive content, malicious URLs, attachment should be incorporated as part of the overall strategy. Use of DLP and encryption can play a major role in minimizing such threats.
No security solution can stop all attacks. There should be a response plan ready in place, to maintain email continuity in case of any failures. Regular Backups and Email Archival to prevent outage, in case of data loss or corruption must also be there.
Finally, the most under looked aspect while designing a cyber security practice is Employee Enablement. Business email accounts are used and accessed by teams of people, not just an individual. All employees or the entire organisation might have to suffer the consequences of a single mistake committed by one employee. Risky user habits are one of the biggest causes of breaches and data loss. Training your employees and making them aware of email security measures by means of anti-phishing or anti-spamming campaigns on regular intervals is a must. And, will considerably improve the overall Cyber Hygiene of any organisation.
To summarize, only a multi-layered security approach can provide the best defence against today’s ever evolving threat landscape. These layers should include advanced threat protection features, such as sandbox analysis for file attachments and embedded URLs, DDOS Prevention, DLP Features and email authentication technologies such as SPF, DKIM and DMARC.
But it won’t be long before these methods are just as ubiquitous, as HTTPS is today.
Remember, the Threat is real and our Proactiveness is the need of hour. Because in the end our goal is always simple: Safety and Security.