When it comes to business communication, email is still king. Cybercriminals are aware of this fact, and they’re constantly perfecting their attacks to successfully evade the built-in security defenses of Microsoft 365 and Google Workspace.
In this interview with Help Net Security, Dave Wreski, CEO at Guardian Digital, talks about modern email threats and offers protection advice for organizations.
Email is still the most used communication tool for modern businesses. With so many other options available, why are businesses not switching?
For over two decades, email has played a central role in business communications – a trend that has been magnified with the recent increase in remote workers due to the pandemic. Powered by the same open standards and protocols that power the Internet itself and protected with strong end-to-end encryption, email is a highly secure method of sharing confidential business information over the Internet. Email communications are virtually instantaneous, fostering rapid problem solving and helping to streamline business processes.
That being said, in order for data in transit to remain private and confidential, email must be set up and configured securely. For instance, using and enforcing the use of Transport Layer Security (TLS) encryption plays a critical role in protecting sensitive data in transit.
Implementing a comprehensive, fully supported email security solution is the best way of ensuring proper email setup and configuration and securing critical information shared over email with layered encryption standards and protocols including SPF, DMARC and DKIM.
Despite its importance, email remains poorly protected. Why is that the case? What should companies do to protect themselves?
Yes, this is a highly concerning trend that is leaving many businesses’ critical data and hard-earned reputations at risk of compromise in an attack or a breach daily. The majority of modern cyber risk is email risk, with over 90% of cyberattacks beginning with a phishing email, yet too many businesses still fail to recognize the universal risk associated with inadequately securing email infrastructure.
Many companies believe they are too small to be an attractive target, although this is far from the truth. Cybercriminals recognize that SMBs often lack the resources needed to prevent an attack, and are readily exploiting this shortcoming. Twenty-nine percent of SMBs have experienced the devastation of a ransomware attack this past year.
Too many businesses are also under the false impression that native Microsoft 365 email security or desktop protection is enough to secure their users and key assets when in fact it is not. These defenses are static, single-layered and unable to anticipate and block emerging threats and zero-day attacks. They are incapable of identifying malicious URLs and attachments characteristic of phishing and ransomware attacks that are not included in the static lists they rely on, and are unable to detect conversation-style anomalies often seen in social engineering attacks.
In order to make email safe for business in this heightened digital threat environment, all businesses should ensure they have implemented a proactive supplementary email security solution engineered to close these critical gaps in endpoint security and native cloud email protection. This solution should be able to anticipate and learn from the threats that challenge it, updating its protection in real-time to prevent future attacks.
Ideally, businesses should choose a solution that is fully supported by the expert, ongoing system monitoring and maintenance required to enhance IT security and ensure rapid detection and elimination of potential threats.
One of cybercriminals’ favorite targets is certainly Office 365. What advice would you give to CISOs that want to strengthen their defenses?
As I’ve explained above, the built-in Microsoft 365 email protection provided by Microsoft Exchange Online Protection (EOP) alone is not enough to protect against targeted spear phishing, ransomware and the other sophisticated attacks that are rampant in this platform. Despite built-in security defenses, 85% of users have experienced an email data breach in the past year.
As with any type of security strategy, defense-in-depth is critical in securing Microsoft 365 email. First and foremost, CISOs should select and implement a proactive, fully supported email security solution that fulfills the requirements I have specified above. In addition, companies should conduct regular security awareness training to educate employees on the threats they face and how to protect against them, as well as frequent cybersecurity audits to assess their risk profile and the efficacy of their current email security strategy.
A managed email security services provider should be able to provide the real-time cybersecurity business insights required to reduce risk exposure and foster improved cybersecurity business planning and better enforcement of company security policies.
How can organizations put a stop to sophisticated and targeted phishing email scams?
Phishing attacks are becoming increasingly difficult to detect and stop. Today’s attacks often leverage advanced social engineering techniques to manipulate psychology and deceive users into sharing sensitive credentials or downloading malware.
Protecting against modern phishing scams demands intuitive, adaptive protection powered by artificial intelligence and machine learning, enabling it to conduct a dynamic analysis of all URLs and attachments prior to delivery to protect against spear phishing, ransomware and other dangerous attacks that often leverage malicious files and links, and identify the conversation-style anomalies that are characteristic of email account compromise (EAC) and business email compromise (BEC) scams.
I am a strong believer that the transparent, community-powered open-source development model can be applied to the development of email security technology to engineer highly effective phishing and zero-day protection. In such a model, emails gathered from millions of systems from around the world are used to identify patterns and perform large-scale tests on filters and frameworks that have been developed to block malicious mail.
Results are then distributed back to the community, where the insight gathered is incorporated into millions of systems worldwide. The Open-Source Intelligence (OSINT) gathered in this process results in real-time updates, ensuring that new phishing campaigns and zero-day vulnerabilities discovered in one part of the world are addressed and contained quickly before they have a chance to spread.
This approach also enables providers to freely tap into global resources, tools and intelligence shared within the community, equipping them with what they need to engineer exceptionally secure solutions that can evolve and grow quickly and easily to remain ahead of the latest threats.
How do you see email-related threats evolving in the next few years? What should security teams pay special attention to?
Email threats will evolve more rapidly than ever, as phishing attacks exploiting the pandemic have provided cyber thieves with tactics and mechanisms they can use to craft attack campaigns exploiting the latest trends and events.
With the widespread adoption of Microsoft 365 and its homogeneous security system, cyber thieves are now able to open any account, test their methods until they are able to bypass default filters, and reuse these methods in attacks targeting thousands of different accounts. The lack of complexity and sophistication that is required to craft an attack campaign and the prevalence of sensitive information available about businesses and individuals on the Internet have made existing threats far more dangerous and impactful – a trend that will foster and perpetuate innovation in the realm of cyber crime.
Cybercriminals are increasingly attacking critical infrastructure where downtime affects a significant number of consumers, such as with the recent Colonial Pipeline ransomware incident, creating additional pressure to solve the problem more quickly than if it only impacted a single business and its customers or shareholders.
The growing popularity of cryptocurrency and lack of regulations surrounding its use is a trend that is fueling the rise in easy, untraceable money for ransomware operators. Until more is done to regulate how Bitcoin and others are used, ransomware demands and the devastation caused by these crippling attacks will just continue to increase.
Combating ransomware is a top priority for the US government, with the creation of stopransomware.gov and a specific ransomware task force. However, until the government becomes further involved in stopping these attacks and businesses address ransomware with the same urgency, attacks will continue unabated and the cost of remediation – which is now over $500,000 per incident on average – will continue to increase. Many businesses are never able to recover, with 60% of SMBs being forced out of business within six months of getting hit with ransomware.
Unfortunately, there is not one thing that can be done to stop the scourge of ransomware. Tighter regulations are just one weapon in the fight against ransomware. Businesses must also assume the responsibility of protecting their critical data with an effective, defense-in-depth email security strategy.
Security teams should pay special attention to fortifying cloud email with adaptive supplementary protection capable of safeguarding against ransomware, phishing and the other malicious attacks that define the modern threat landscape, enabling organizations to reap the benefit of cloud-based services without sacrificing security.