Securing company email: The biggest threats and how to combat them
Two industry experts offer their advice on how businesses can bolster their email security strategy


For hackers, email can often be a simple route into an organisation’s network. Educating employees about the dangers and how they can avoid falling for some of the sophisticated methods cybercriminals employ is crucial. Here, we unravel two recent pieces of research which detail some of the key threats while two industry experts offer their advice on how businesses can bolster their email security strategy.

Mimecast, a leading email and data security company, has announced the availability of its latest Email Security Risk Assessment (ESRA), which found a significant increase in Business Email Compromise (BEC) attacks, emails containing dangerous file types, malware attachments and spam that incumbent email security systems allowed through to users’ inboxes.

BEC attacks, also referred to as email-based impersonation fraud, are an issue that is not going away because these attacks can easily evade many traditional email security systems on a global scale. The latest ESRA found a 269% increase in these types of attacks, in comparison to the same findings in last quarter’s report.

This trend was also reflected in recent research, the State of Email Security 2019 report, which found that 85% of the 1,025 global respondents experienced an impersonation attack in 2018, with 73% of those victims having experienced a direct business impact – like financial, data or customer loss.

The rise in BEC attacks underscores the need for organisations to add protection against well-resourced attackers. 

BEC attacks are not the only method cybercriminals have been successfully leveraging to target organisations. The ESRA report found 28,783,892 spam emails, 28,808 malware attachments and 28,726 dangerous file types were all missed by incumbent providers and delivered to users’ inboxes, an overall false negative rate of 11% of inspected emails. The results from the report demonstrate the need for the entire industry to continue to work toward a higher standard of email security.

Mimecast produces quarterly ESRA reports to offer organisations insights on the rise of new types of email-borne threats and key trends in malicious email campaigns.

Jeff Ogden, General Manager – Middle East and India, Mimecast, said: “Mimecast believes that cyber-resilience begins with robust email security. Cyber-resilience can be most simply defined as the ability to adapt and respond effectively to every potential threat no matter where it’s coming from.

“Email may be forced offline by a cyberattack, IT failure or even purposely by IT to contain a threat. Either way, disruption to email flow can directly impact business operations and limit the ability to communicate.

“All organisations should strongly consider a continuity solution that allows employees to continue with business as usual. CISOs should also ensure that data is protected and accessible for users. In the event of a cyberattack it’s important to be able to recover all data and other corporate IP after the incident.

“Attack tactics have evolved. Deception is now the name of the game rather than brute forcing access to networks and devices. Increasingly sophisticated attackers are tricking their targets by posing as trusted senders and brands, getting them to hand over login details, personal information and money. Phishing attacks are still growing, with impersonation attacks growing even faster.

“We also advocate threat hunting in internal email traffic, enabling organisations to detect, analyse, remediate and extract bad things out of their email networks. Combining these capabilities with a stronger human firewall through dynamic user awareness training and testing programs ensures that an organisation’s internal network, made up of people and machines, is robust and capable of defending itself against malicious attacks.

“Finally, it’s important that brands monitor their domains from being explicitly spoofed so that customers can maintain trust in companies with which they are conducting business.”

The ‘Human Factor’

Meanwhile, Proofpoint, a leading cybersecurity and compliance company, announced its annual Human Factor report findings, which highlight the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions, steal data and more. The report, based on an 18-month analysis of data collected across Proofpoint’s global customer base, spotlights attack trends to help organisations and users stay safe.

Proofpoint’s 2019 Human Factor report findings include:

  • More than 99% of threats observed required human interaction to execute: enabling a macro, opening a file, following a link or opening a document. This underlines the importance of social engineering to successful attacks.
  • Microsoft lures remain a staple. Nearly one in four phishing emails sent in 2018 were associated with Microsoft products. In terms of effectiveness, 2019 saw a shift towards cloud storage, DocuSign and Microsoft cloud service phishing. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, internal phishing and more.
  • Threat actors are refining their tools and techniques in search of financial gain and information theft. While one-to-one and one-to-many attacks were more common when impostor attacks first began to emerge, threat actors are now finding success in attacks that use more than five identities against more than five individuals in targeted organisations.

Email attacks: Verticals at risk

  • Education, finance and advertising/marketing topped the industries with the highest average attack index, an aggregated measure of attack severity and risk. The education sector is frequently targeted with attacks of the highest severity and has one of the highest average number of Very Attacked People (VAPs) across industries. The financial services industry has a relatively high average attack index but fewer VAPs.
  • 2018 saw impostor attacks at their highest levels in the engineering, automotive and education industries, averaging more than 75 attacks per organisation. This is likely due to supply chain complexities associated with the engineering and automotive industries, and high-value targets and user vulnerabilities, especially among student populations, in the education sector. In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare and retail.
  • Attackers capitalise on human insecurity. The most effective phishing lures in 2018 were dominated by ‘Brainfood’, a diet and brain enhancement affiliate scam that harvests credit cards. Brainfood lures had click rates over 1.6 clicks per message, over twice as many clicks as the next most clicked lure.

Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint, said: “As more than 90% of targeted attacks start with email, it is paramount that organisations have in place a robust email security strategy through layered defences at the network edge, two-factor authentication, email gateway, in the cloud and endpoint to provide the best defence against these types of attacks, most of which lack malware payloads.

“Email attacks target specific people within organisations, not all employees, which aligns directly with Proofpoint’s focus on people-centric security. Organisations need to know exactly who is being targeted and why – so they can tailor their prevention and protection programmes accordingly. 

“Furthermore, educating employees about cybersecurity best practices is the best way to empower users to understand how to protect theirs and their organisation’s data, making end users a strong last line of defence against cyberattackers.

“Our security awareness training and visibility ensures security teams understand the potential risk that an individual or group might fall for an attack, in order to deliver customised awareness training and reduce the attack surface.

“By illustrating how cybercriminals operate through real-life phishing simulations, organisations can change employee behaviour and manage end-user risk to create a culture of security.”

Intelligent CIO Middle East

View Magazine Archive