Russell Young, Tech Lead at Trend Micro in South Africa, talks about what organisations need to do to ensure they have robust email security systems in place.
As corporate environments become progressively interconnected, threats become increasingly complicated. In fact, of all infection vectors, email remains one of the most consistently used platforms in cybercrime because of how easily it can be abused.
Apart from being a staple communication and collaboration tool, email is effortless and cheaper (if not cost-free) to distribute. The convenience it affords to cybercriminals puts enterprise environments using email services in a potentially precarious situation – they can be susceptible to fraud, spying, information theft and spoofing, among other attacks.
In 2018, the Trend Micro Smart Protection Network detected and blocked over 41 billion email threats. The overwhelming increase in the number of phishing attacks and spam campaigns, as well as cybercriminals’ constant bundling of email with various types of malware, contributed to this huge total.
The proliferation, not to mention persistence, of these threats should remind organisations that despite all the other potential areas which cybercriminals can attack, they still need to efficiently protect their email systems.
Phishing emails have long been the favourite tool for cyber attackers to use. These can take the form of targeted attacks, ransomware and scams to steal data from the organisation. Email is an open door into the business and with convincing social engineering, even the most most savvy user can be tricked into clicking on a link, opening an infected attachment, or changing a beneficiary account.
Companies therefore need smarter security solutions capable of addressing all facets of email threats. However, cybersecurity is a constantly evolving environment. What works today will not necessarily work tomorrow. Decision-makers must ensure their policies and protective measures are agile to reflect this dynamic environment. Yet security must be easy to administer and integrate information with other protective measures to instantly protect the company from existing and emerging threats.#
Unfortunately, research shows that nearly all running computers have serious hardware flaws, ransomware persists globally, unauthorised cryptocurrency mining is growing, and vulnerable connected devices in homes are frequently hit with new attacks. In the wake of this, it is easy to lose sight of the basic security fundamentals.
Companies must therefore set up a multi-layered cybersecurity defence to address the risks that email threats pose. Furthermore, cybersecurity solutions must take the cloud into account and leverage the built-in security of email services like Office 365 through Machine Learning in detecting suspicious content in the message body and attachments. These solutions must be able to perform sandbox malware analysis, document exploit detection, and use file, email, and Web reputation technologies.
However, an effective cybersecurity strategy does not only consist of multiple layers of cybersecurity protection. It also needs workforce cybersecurity awareness so that no security holes can be accidentally opened for cybercriminals to exploit. In addition to employing security solutions, organisations can inform employees of best practices against email threats and help them become more vigilant by deploying our free phishing simulation and user training service.