Email Security Solutions for Businesses

As the Verizon 2022 Data Breach Investigations Report (DBIR) shows, email is a leading attack vector in cyberattacks. To block this common attack vector, an email security strategy should be developed to address all weaknesses related to email, which is likely to include multiple email security solutions. While a spam filter was once sufficient for blocking email threats, the sophisticated nature of the current threat landscape means a single solution is no longer sufficient.

Developing a Robust Email Security Strategy

One of the main problems faced by network defenders is the speed at which the threat landscape is changing. Cyber threat actors are constantly changing their tactics, techniques, and procedures (TTPs) in an effort to bypass email security solutions, and many organizations struggle to ensure they have sufficient defenses against increasingly sophisticated email attacks. In addition to defending against phishing and spear phishing attacks, email security solutions are required that can detect and block increasingly sophisticated malware.

Business email compromise (BEC) attacks have increased and are now the leading cause of losses to cybercrime. While these attacks usually start with phishing, they can be difficult to identify and block. Ransomware is rampant, with the latest Verizon DBIR revealing a 13% increase in ransomware attacks in 2021, which is a higher increase than the previous 5 years combined. While RDP is the leading method of gaining initial access to networks, 35% of ransomware attacks use email as the attack vector, commonly distributing downloaders that deliver the ransomware payload.

While phishing defenses are largely concerned with protecting accounts from external phishing attempts, there is now the risk of outbound phishing, where employee email accounts are compromised and used to send phishing emails internally and to vendors and customers. Cybercriminals abuse trust in the brand, and since outbound phishing uses genuine company email accounts, the emails are more likely to attract a click.

When developing an email security strategy, several core elements are required: secure email gateways; strong authentication controls to protect email accounts against unauthorized access; measures to prevent email spoofing; data loss prevention measures to stop sensitive data from being sent via email; and encryption to prevent the interception of email data in transit. It is also vital to augment email security solutions with security awareness training for the workforce, to improve the human element of email defenses.

Your email security strategy should also include robust data backup policies to ensure that email data cannot be lost and can always be accessed to ensure business continuity.

Email Security Solutions to Implement

To prevent email attacks, organizations should adopt a defense-in-depth strategy and implement multiple email security solutions that provide overlapping layers of protection. The best place to start is with a secure email gateway.

Secure Email Gateways

Secure email gateways, whether delivered as an on-premises or cloud-based solution, will protect against the most common email-based attacks: phishing, spear phishing, malware, ransomware, botnets, and BEC attacks. Solutions should have strong anti-malware capabilities. Email security solutions that only incorporate signature-based malware detection mechanisms are no longer sufficient as they fail to identify new malware threats. Behavioral analysis tools, such as sandboxing, are now required to block advanced malware threats.

The content of messages must be scanned to identify malicious links in the message body or attachments, and the metadata and message body should be analyzed using machine learning/AI components to identify BEC attacks and phishing emails. Blacklists of known malicious IP addresses are not sufficient for blocking today’s phishing threats by themselves. Greylisting should also be considered as an additional measure for identifying IP addresses used for spamming and phishing.
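The page names greylisting without describing the mechanism, so the following added example (not code from the original page or from any product) sketches the usual approach: defer the first delivery attempt from an unknown sender/recipient/network triplet with a temporary SMTP error and accept it only when the sending server retries after a minimum delay. The class name, the timing constants and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds an unknown triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # assumed: a retry later than this starts the clock again
PASS_TTL = 30 * 86400    # assumed: how long a triplet that passed stays trusted

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted mail

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        # IPv4 only in this sketch: key on the /24 so a retry from a
        # neighbouring host in the same sending pool still matches.
        net = ".".join(client_ip.split(".")[:3])
        return (net, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code to give at RCPT TO (250 accept, 451 defer)."""
        k = self.key(client_ip, mail_from, rcpt_to)
        if k in self.passed and now - self.passed[k] <= PASS_TTL:
            self.passed[k] = now
            return 250
        seen = self.first_seen.get(k)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[k] = now   # unknown or expired triplet: start the clock
            return 451
        if now - seen < MIN_DELAY:
            return 451                 # retried too quickly: keep deferring
        del self.first_seen[k]
        self.passed[k] = now           # retried like a real mail server: accept
        return 250

def replay(events):
    """Run (time, ip, mail_from, rcpt_to) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t) for t, ip, frm, to in events]

# Constructed sample traffic (documentation IP ranges and example domains).
SAMPLE = [
    (0,    "192.0.2.10",   "billing@partner.example", "ap@corp.example"),  # first contact
    (5,    "203.0.113.77", "promo@bulk.example",      "ap@corp.example"),  # never retries
    (30,   "192.0.2.10",   "billing@partner.example", "ap@corp.example"),  # retry too soon
    (900,  "192.0.2.11",   "billing@partner.example", "ap@corp.example"),  # proper retry
    (2000, "192.0.2.10",   "billing@partner.example", "ap@corp.example"),  # now trusted
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```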

You should choose a secure email gateway that includes outbound scanning to identify outbound phishing attacks and malware delivery, preferably one with data loss prevention capabilities that can identify sensitive data that insiders or threat actors are attempting to send externally via email.

Web Filters

While web filters are concerned with content control, they also play an important role in protecting against phishing attacks and malware delivery. Malicious emails link to websites hosting phishing forms and malware. Web filters work in tandem with email security solutions and analyze the web content linked in emails. They can block malware downloads from the Internet and prevent users from visiting phishing and other scam sites.

Endpoint Security Solutions

Endpoint security solutions should be installed for detecting malware that has bypassed email defenses and is installed on endpoints. These solutions should be configured to update automatically, and regular scans should be conducted. These antivirus and antimalware controls provide an extra layer of protection, should other email security solutions fail to identify a threat.

Strong Authentication

Strong authentication controls are required to prevent unauthorized access to email accounts. Password policies should be set and enforced that require users to create strong, complex passwords for their email accounts. Consider providing an enterprise password management solution to help end users create strong passwords and store them securely. Multi-factor authentication should be implemented on all email accounts to protect against unauthorized access in the event of credentials being stolen.

Email Encryption

Email was designed to make communication quick and easy and for it to be as accessible as possible, but email was not developed with security in mind. Emails are often sent in plain text by default, which means that emails can be intercepted, read, and altered in transit. End-to-end encryption for email is recommended – or at least Transport Layer Security (TLS) – to protect emails in transit. Email encryption should be automated. Look for email security solutions that include keyword-based encryption that will automatically encrypt sensitive emails.
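The following added example (not code from the original page or from any product) shows how an outbound policy can combine the data loss prevention check described under Secure Email Gateways with the keyword-based encryption described here: mail to external recipients is held if it contains a Luhn-valid payment card number and is marked for encryption if it contains a policy keyword. The internal domain, the keyword list, the action names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

INTERNAL_DOMAIN = "corp.example"                            # assumed internal mail domain
ENCRYPT_KEYWORDS = ("[secure]", "confidential", "payroll")  # assumed policy keywords
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")             # candidate card-number runs

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_card_number(text):
    """True if the text holds a 13-19 digit run that passes the Luhn check."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False

def outbound_action(raw):
    """Return 'deliver', 'encrypt' or 'quarantine' for one outbound message."""
    msg = message_from_string(raw, policy=policy.default)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [a for _, a in rcpts if not a.lower().endswith("@" + INTERNAL_DOMAIN)]
    if not external:
        return "deliver"                 # internal-only mail is out of scope here
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    if has_card_number(text):
        return "quarantine"              # DLP hit: hold for review
    if any(k in text.lower() for k in ENCRYPT_KEYWORDS):
        return "encrypt"                 # keyword hit: encrypt before sending
    return "deliver"

# Constructed sample messages; 4111 1111 1111 1111 is a well-known test card number.
HDR = "From: amy@corp.example\nTo: {to}\nSubject: {subj}\n\n{body}\n"
SAMPLES = {
    "internal": HDR.format(to="hr@corp.example", subj="payroll run", body="4111 1111 1111 1111"),
    "card": HDR.format(to="v@partner.example", subj="refund", body="Card: 4111 1111 1111 1111"),
    "keyword": HDR.format(to="v@partner.example", subj="Confidential: Q3", body="Ref 1234567890123456"),
    "plain": HDR.format(to="v@partner.example", subj="Lunch", body="See you at noon"),
}
```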

Security Awareness Training

Technical defenses against phishing, BEC attacks, and other malicious emails will not block every threat. It is vital for security awareness training to be provided to the workforce, and for training to be provided regularly. If a malicious email reaches an inbox, whether it turns into a successful attack will depend on the security awareness of the end user. Training should cover security best practices, make users aware of the threats they are likely to encounter, and teach them how to recognize and avoid those threats. Consider running phishing email simulations to discover how well employees perform at detecting threats during the working day, and if they are applying their training. Failed simulations can be turned into a training opportunity.

Email Archives and Backups

Email archives and backups are important for security. Backups of emails should be made regularly, backups should be tested to make sure email data can be recovered, and backups should be encrypted and stored securely off-site. In the event of a ransomware attack or other data destruction event, email data will be preserved. Email archives are one of the most neglected email security solutions yet are important for business continuity and to support disaster recovery. Email archives will ensure that email data is always available, even during a mail server outage.