(December 9, 2021) Despite the widespread adoption of collaboration platforms, email remains a primary medium for business communication. The use of email has only increased with the transition to work-from-home and hybrid models, with employees relying on it heavily to share files and information. Because of its popularity, email remains one of the most significant vectors for cyberattacks. Cybercriminals exploit email to launch phishing campaigns, spread malware, commit fraud and exfiltrate sensitive data.
For the 2021 State of Email Security study, research firm Vanson Bourne conducted a global survey of 1,225 IT and cybersecurity professionals. Seventy percent of respondents said it’s likely, extremely likely, or inevitable that their organization will be harmed by an email-borne attack. That’s up from 59 percent in the 2020 survey. The number rose to 75 percent in organizations that saw increased use of email over the past year.
Clearly, organizations should take steps to secure their email systems and prevent the spread of malicious content and attachments. However, 79 percent of survey respondents acknowledged that they are not adequately prepared to address email security threats.
Understanding the Threats
For many organizations, email security begins and ends with spam filtering and antivirus. A good spam filtering solution will block 99 percent of unwanted email, preventing crude and simplistic phishing emails from reaching users’ inboxes. Antivirus solutions installed at the email gateway will scan attachments for known malware.
However, phishing — the most prevalent email threat — has become increasingly sophisticated and often gets past these initial protections. What’s more, many of today’s phishing emails are difficult to spot, even if users are vigilant and have received security training. Targeted phishing techniques increase the likelihood that someone will inadvertently divulge sensitive data or click on a malicious link or attachment. According to the 2021 State of Email Security report, 63 percent of organizations saw an increase in targeted phishing attacks.
Business email compromise (BEC) is also on the rise, with 51 percent of survey respondents reporting an increase in these attacks. With BEC, cybercriminals “spoof” email accounts to trick victims into transferring money to a fraudulent account or sending sensitive information. Often, they spoof the identity of a company executive or someone else in authority within the organization and target users in finance or accounting.
Cybercriminals use spoofed emails for other types of scams, and 47 percent of respondents to the Vanson Bourne survey are seeing an increase in these threats. Data leaks and related user negligence are a growing problem for 46 percent of organizations.
Email Security Strategy
Experts recommend a multi-layered approach to email security that incorporates monitoring of internal and outbound emails, protecting against malicious content that reaches users’ inboxes, blocking the exfiltration of sensitive data, and training end-users to spot suspicious emails. However, just 26 percent of organizations surveyed by Vanson Bourne have all of these security controls in place. Even organizations that use Microsoft 365 for email recognize that they need extra layers of protection beyond what Microsoft provides.
For example, Domain-based Message Authentication, Reporting, and Conformance (DMARC) use special protocols to authenticate emails and keep spoofed messages out of inboxes. Encryption reduces the risk that sensitive data will be exposed through fraud, carelessness, or a man-in-the-middle attack.
A managed services provider (MSP) with cybersecurity experts on staff can help you develop an email security strategy that provides end-to-end protection. The MSP can help you select the right tools and configure them according to your business and IT requirements. Around-the-clock monitoring and proactive maintenance help maximize the value of your email security investments.
Email security is too critical to ignore. Organizations should look beyond spam filtering and antivirus and implement comprehensive protection against email-borne attacks.
ABOUT MAINSTREAM TECHNOLOGIES Mainstream Technologies is a Little Rock, AR IT company that delivers a full range of technology services in Arkansas and the surrounding region including managed IT services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile