Organizations understand the importance of protecting sensitive information and avoiding a data breach. However, security teams are struggling to contain phishing attacks. Security risks increase due to the inability to view and successfully filter email threats, accurately differentiate between marketing and phishing emails, and apply a multi-layered email security approach with rules to holistically track traffic and stop malicious actions in real life.
This article explores email security best practices to defend against phishing attacks to reduce cyber risk.
Phishing attack trends
Cybercriminals are always evolving their tactics to stay one step ahead of their victims. Here are a few recent changes:
1. Advanced social engineering: Previously, bad grammar and poor sentence structure made it easy for employees to identify a phishing messages. But cybercriminals have since evolved to using logos and studying the voice and tone of their target to mimic. Cybercriminals will also use social media to research how senior executives write, speak, or how their hierarchy is structed in order to infiltrate an organization.
2. Multiple phishing forms used in tandem: Cybercriminals want to create a sense of urgency to prompt victims to act quickly. To do this, they’ve turned to doubling or tripling-up on phishing techniques. The National Cyber Security Center reported several incidents where multiple phishing techniques were used, such as sending a whaling email followed up by a phone call (vishing) to quickly establish trust and confirm the request.
3. Hijacking an existing thread: Malicious actors can compromise an existing email thread to appear legitimate. Most of us expect a scam email to be a standalone; inserting an urgent wire transfer request in an email chain will be less likely to raise suspicion than a one-off message.
Email security best practices: a layered approach
Strengthening your email security won’t just reduce the financial impact, it can also help you obtain or renew cyber insurance coverage. Questions like “Do you pre-screen emails for potentially malicious attachments and links?” and “Do you have the capability to automatically detonate and evaluate email attachments in a sandbox to determine if they are malicious prior to the delivery to the end-user?” appear on cyber insurance applications. And if you answer no, you could be immediately denied without a chance to reapply.
While native email security is a good start, it simply isn’t enough to protect your business. In 2021, Trend Micro detected and blocked over 33 million malicious emails that slipped past native defenses.
How does a layered security approach work? We’ve broken it down into four steps to demonstrate how multiple security capabilities and technologies work to thwart phishing attacks:
1. Email gateway
When an email first comes into the company, it should be inspected by an email gateway. Traditional email security may only provide basic email filtering and protection. Look to use the latest threat defenses like AI, ML, and behavioral analysis within a single dashboard to reduce manual tasks for overstretched security teams. Capabilities like authorship analysis compares a suspected impersonation to an AI model of a high-profile user’s writing style. This establishes a baseline to flag anomalies for security teams to further investigate.