Adversaries have increasingly moved away from malware-based email attacks toward sophisticated "malware-less" methods that bypass traditional secure email gateways (SEGs) and the native security of email hosting platforms, and so reach the inbox. A FireEye report suggests that such social engineering-based attacks, which include spear-phishing and CEO fraud, make up over 90% of all email threats. This shift has made post-delivery email protection and advanced anti-phishing services a necessity.
Most Attacks Are Malware-less, Necessitating Post-delivery Email Protection (Source – FireEye)
Post-delivery email protection provides a safety net when a malicious email gets past the earlier controls and lands in the inbox. Email security is best understood as a defense-in-depth model with several layers of controls: spam filtering on the sender's outbound SMTP server, then the recipient's SEG, then the native security of the email hosting platform (for example Exchange Online Protection for Microsoft 365), and finally the inbox itself. SEGs are effective against threats that carry malware or match known signatures, but they are comparatively weak against file-less attacks, credential phishing, and other malware-less threats. For these, post-delivery email protection is necessary.
The Need For Post Delivery Email Security
The following statistics show why organizations should include post-delivery protection in their anti-phishing services. Note that malware-less attacks now make up the majority of email-based threats.
- The FBI confirmed that phishing was the most common of all cybercrimes in 2020.
- Verizon's Data Breach Investigations Report lists phishing as the top data breach threat, with nearly 43% of breaches involving phishing.
- In 2020, 75% of organizations worldwide experienced a phishing attack; 35% of them faced spear-phishing and 65% faced BEC attacks.
- Email is the delivery channel threat actors prefer for phishing, with nearly 96% of malware arriving by email.
Enormous Jump In Malware-Less Attacks Over The Years (Source – IC3)
Post-Delivery Email Protection: Why Is It Crucial?
In the past, when email was hosted on on-premises servers, Secure Email Gateways (SEGs) were the most common form of email security for organizations of all sizes. SEGs are physical appliances or cloud services that filter inbound mail for viruses and spam. However, SEGs may not provide the protection enterprises need in the cloud era, because they were designed to stop high-volume spam and mass phishing. An SEG inspects mail only at the perimeter, before delivery; it does not see messages already sitting in mailboxes, and it can miss low-volume, targeted attacks. Moreover, adversaries can identify which SEG an organization uses (its public MX records usually reveal the vendor) and craft their messages to evade that particular product.
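The MX-record check mentioned above is trivial to automate, which is exactly why attackers do it before a targeted campaign and why defenders should run it against their own domain. The following Python is an added example written for this article, not code from any gateway vendor: it parses the output of `dig +short MX <domain>` and maps each MX hostname to a gateway vendor using a small lookup table. The vendor table and the sample dig output are assumptions and constructed data, not something the article provides.

```python
"""Fingerprint an organization's inbound email gateway from its public MX records.

Added example for this article; not code from any vendor. The parser expects
the output of `dig +short MX <domain>` (priority, hostname). The vendor table is
an assumption based on widely used hosted-gateway hostname patterns.
"""
import re
from typing import Dict, List, Optional, Tuple

# Assumed mapping of MX hostname suffixes to the gateway/provider behind them.
KNOWN_GATEWAYS: Dict[str, str] = {
    "mail.protection.outlook.com": "Microsoft 365 / Exchange Online Protection",
    "pphosted.com": "Proofpoint",
    "ppe-hosted.com": "Proofpoint Essentials",
    "mimecast.com": "Mimecast",
    "iphmx.com": "Cisco Secure Email (hosted)",
    "barracudanetworks.com": "Barracuda Email Security Service",
    "google.com": "Google Workspace",
}

MX_LINE = re.compile(r"^\s*(\d+)\s+(\S+)")


def parse_mx_records(dig_output: str) -> List[Tuple[int, str]]:
    """Turn `dig +short MX` lines into (priority, host), lowest priority first."""
    records: List[Tuple[int, str]] = []
    for line in dig_output.splitlines():
        match = MX_LINE.match(line)
        if match:
            host = match.group(2).rstrip(".").lower()  # drop the trailing FQDN dot
            records.append((int(match.group(1)), host))
    return sorted(records)


def classify_host(host: str) -> Optional[str]:
    """Map one MX hostname to a known gateway vendor, or None if unrecognized."""
    for suffix, vendor in KNOWN_GATEWAYS.items():
        if host == suffix or host.endswith("." + suffix):
            return vendor
    return None


def fingerprint_gateway(dig_output: str) -> Dict[str, object]:
    """Summarize which gateway handles the domain's inbound mail.

    'primary' is the vendor behind the lowest-priority (preferred) MX host;
    'vendors' lists the vendor for every MX host in preference order.
    """
    records = parse_mx_records(dig_output)
    vendors = [classify_host(host) or "unknown / self-hosted" for _, host in records]
    return {
        "mx": [host for _, host in records],
        "vendors": vendors,
        "primary": vendors[0] if vendors else None,
    }


# Constructed sample: what `dig +short MX example.com` might return for a tenant
# that routes mail through Proofpoint Essentials in front of Microsoft 365.
SAMPLE_DIG_OUTPUT = """\
10 mx1-us1.ppe-hosted.com.
10 mx2-us1.ppe-hosted.com.
20 example-com.mail.protection.outlook.com.
"""

if __name__ == "__main__":
    result = fingerprint_gateway(SAMPLE_DIG_OUTPUT)
    for host, vendor in zip(result["mx"], result["vendors"]):
        print(f"{host:45} {vendor}")
    print("primary gateway:", result["primary"])
```

Run it against your own domain's real dig output and read the result the way an attacker would. A caveat worth checking while you are there: if a lower-priority MX (or the hosting platform's own address) accepts mail directly from the internet, as in the constructed sample, messages sent straight to it skip the gateway entirely unless the platform is restricted to accept mail only from the gateway's IP ranges.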
Post-delivery protection is a newer approach that secures email inside the mailbox environment, after delivery. It:
- Combines machine learning, antivirus, and malware detection to scan messages that have already been delivered to the inbox.
- Stops harmful data loss and information leakage.
- Builds a profile of the organization's normal communication patterns (who writes to whom, from which addresses) and checks new messages for inconsistencies against it.
- Safeguards against multiple threats and prevents the organization's users from sending emails to the wrong recipient.
- Provides ransomware protection and protection against social engineering-based, malware-less attacks.
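The communication-profile check in the list above is the part of post-delivery protection that catches CEO fraud and other malware-less messages, so it is worth seeing concretely. The following Python is an added example written for this article, not any vendor's implementation: it builds a baseline of display-name/address pairs and sender domains from past mail, then flags a delivered message for display-name reuse from an unfamiliar address, a look-alike sender domain, a Reply-To that points elsewhere, and a never-before-seen sender domain. The organization domain, the mail history and the sample messages are all constructed.

```python
"""Profile-based checks on a delivered message, of the kind a post-delivery
tool runs against an organization's communication baseline.

Added example for this article, not vendor code. The organization domain,
the mail history and the sample messages are all constructed.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

ORG_DOMAIN = "example.com"  # assumed protected domain

# Constructed history of (display name, From address) pairs seen in past mail.
HISTORY: List[Tuple[str, str]] = [
    ("Jane Doe", "jane.doe@example.com"),
    ("Jane Doe", "jane.doe@example.com"),
    ("Bob Lee", "bob.lee@example.com"),
    ("Acme Billing", "invoices@acme-supplier.net"),
]


def build_profile(history: List[Tuple[str, str]]) -> Dict[str, object]:
    """Baseline: addresses each display name has used, and the set of known sender domains."""
    names: Dict[str, Set[str]] = defaultdict(set)
    domains: Set[str] = set()
    for name, addr in history:
        addr = addr.lower()
        names[name.lower()].add(addr)
        domains.add(addr.split("@", 1)[1])
    return {"names": names, "domains": domains}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold_homoglyphs(s: str) -> str:
    """Collapse common look-alike substitutions (rn->m, vv->w, 0->o, 1->l)."""
    return s.replace("rn", "m").replace("vv", "w").replace("0", "o").replace("1", "l")


def is_lookalike(domain: str, target: str) -> bool:
    """True when `domain` imitates `target` by homoglyphs or a single-character edit."""
    if domain == target:
        return False
    return fold_homoglyphs(domain) == fold_homoglyphs(target) or levenshtein(domain, target) <= 1


def analyze(msg: Dict[str, str], profile: Dict[str, object]) -> List[str]:
    """Return the inconsistency findings for one delivered message."""
    findings: List[str] = []
    from_addr = msg["from"].lower()
    from_domain = from_addr.split("@", 1)[1]
    known_addrs = profile["names"].get(msg["display_name"].lower())

    # 1. A familiar display name arriving from an address never seen for that name.
    if known_addrs and from_addr not in known_addrs:
        findings.append("display_name_reuse")
    # 2. Sender domain that imitates the protected domain.
    if is_lookalike(from_domain, ORG_DOMAIN):
        findings.append("lookalike_domain")
    # 3. Reply-To pointing somewhere other than the From domain (classic BEC redirection).
    reply_to = msg.get("reply_to", "").lower()
    if reply_to and reply_to.split("@", 1)[1] != from_domain:
        findings.append("reply_to_mismatch")
    # 4. A domain this organization has never corresponded with.
    if from_domain != ORG_DOMAIN and from_domain not in profile["domains"]:
        findings.append("first_seen_domain")
    return findings


# Constructed sample messages: one CEO-fraud attempt and two legitimate mails.
SUSPECT = {"display_name": "Jane Doe", "from": "jane.doe@examp1e.com",
           "reply_to": "jane.ceo.office@gmail.com", "subject": "Urgent wire needed today"}
INTERNAL = {"display_name": "Jane Doe", "from": "jane.doe@example.com", "subject": "Lunch?"}
VENDOR = {"display_name": "Acme Billing", "from": "invoices@acme-supplier.net", "subject": "Invoice 4471"}

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for m in (SUSPECT, INTERNAL, VENDOR):
        print(m["from"], "->", analyze(m, profile) or "clean")
```

None of these checks needs an attachment or a URL to fire, which is the point: the suspect message is plain text asking for a wire transfer, and it is caught purely because its headers contradict the organization's own history. In production the baseline would come from months of message-trace data rather than four rows, and each finding would carry a weight rather than a bare label.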
Some features to look for in post-delivery email protection services include:
- Multiple antivirus scanners
- Immediate warnings to recipients if malware is found in an already-delivered email
- Tools that help admins respond quickly to threats
- Support that makes IT forensics simpler
- Automatic quarantine and easy installation
- Good customer care
How To Protect Against Post-Delivery Threats?
Apart from software, an organization can take several measures that help protect against post-delivery threats. These include the following:
Security Awareness Training For Employees Is Crucial
Reporting security threats is critical to building a security-oriented culture in which email security is a priority. Continuous, active, and innovative employee training makes it more likely that staff will recognize social engineering attempts and report them to the IT team rather than click on, forward, or reply to the messages. Because threats keep evolving, training should be supplemented with briefings on recent attacks, and gamification can help the knowledge stick.
Following Best Practices And Deploying Automation
An automated incident response workflow significantly reduces the time it takes to act on a reported suspicious email, for example by quarantining the same message from every other mailbox that received it. Good post-delivery protection software automates several of these steps and so hardens the organization against repeat threats, but a documented incident response plan is still needed to limit the fallout. Best practices such as maintaining a backup MX record and complying with email archiving and retention regulations are also valuable if a post-delivery incident causes serious damage to the organization's mail servers.
Combining Post Delivery Email Protection With Threat Hunting Tools
Phishing attacks are hard to identify and stop, and cloud-hosted email makes detection and prevention harder still. Even so, threat hunting can supplement post-delivery email protection software and add visibility: hunting tools can find threats in delivered messages and verify whether the affected users interacted with them. Mail and sign-in logs, OAuth app consents, evidence of credential theft, and similar sources can all be used for hunting.
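The automated response described under "Following Best Practices And Deploying Automation" and the hunt described in this section are two halves of the same workflow: pivot from one reported message to the whole campaign, then work out who interacted with it. The following Python is an added example written for this article, not the code of any threat-hunting product. It takes a reported message ID, finds every delivered message sharing its sender domain or URL host, checks a URL-click log for recipients who clicked, flags OAuth consents granted shortly after a click (the consent-phishing pattern), and emits a list of response actions. The message trace, click log, consent log, their simplified schema and the one-hour consent window are all constructed assumptions; real platform logs will differ in shape.

```python
"""Hunt for, and respond to, a reported phishing message after delivery.

Added example for this article, not the code of any threat-hunting product.
The message trace, URL-click log and OAuth consent log are constructed sample
data in a simplified schema; the actual log shape will vary by platform.
"""
from datetime import datetime, timedelta
from typing import Dict, List
from urllib.parse import urlparse

# Constructed message trace: every delivered message with its sender and first URL.
DELIVERED: List[Dict[str, str]] = [
    {"id": "m1", "to": "alice@example.com", "from": "billing@acme-supplier.net",
     "url": "https://acme-supplier.net/invoice/4471", "ts": "2021-05-03T09:00:00"},
    {"id": "m2", "to": "bob@example.com", "from": "hr@examp1e.com",
     "url": "https://login-examp1e.com/sso", "ts": "2021-05-03T09:05:00"},
    {"id": "m3", "to": "carol@example.com", "from": "hr@examp1e.com",
     "url": "https://login-examp1e.com/sso", "ts": "2021-05-03T09:05:30"},
    {"id": "m4", "to": "dave@example.com", "from": "payroll@examp1e.com",
     "url": "https://login-examp1e.com/sso/?u=dave", "ts": "2021-05-03T09:06:00"},
]
# Constructed URL-click log (e.g. from a safe-links service or web proxy).
CLICKS: List[Dict[str, str]] = [
    {"user": "carol@example.com", "url": "https://login-examp1e.com/sso", "ts": "2021-05-03T09:20:00"},
    {"user": "alice@example.com", "url": "https://acme-supplier.net/invoice/4471", "ts": "2021-05-03T09:30:00"},
]
# Constructed OAuth consent log from the identity provider.
CONSENTS: List[Dict[str, str]] = [
    {"user": "bob@example.com", "app": "Microsoft Teams", "ts": "2021-05-03T08:00:00"},
    {"user": "carol@example.com", "app": "Mail Sync Helper", "ts": "2021-05-03T09:24:00"},
]

CONSENT_WINDOW = timedelta(hours=1)  # assumed: a consent this soon after a click is suspicious


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _domain(addr: str) -> str:
    return addr.split("@", 1)[1].lower()


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def related_messages(reported_id: str, delivered: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Pivot from the reported message to every delivered message sharing its sender domain or URL host."""
    seed = next(m for m in delivered if m["id"] == reported_id)
    sender_domain, url_host = _domain(seed["from"]), _host(seed["url"])
    return [m for m in delivered if _domain(m["from"]) == sender_domain or _host(m["url"]) == url_host]


def users_who_clicked(messages: List[Dict[str, str]], clicks: List[Dict[str, str]]) -> Dict[str, datetime]:
    """Recipients who clicked a URL on one of the campaign's hosts, with their earliest click time."""
    hosts = {_host(m["url"]) for m in messages}
    recipients = {m["to"] for m in messages}
    clicked: Dict[str, datetime] = {}
    for c in clicks:
        if c["user"] in recipients and _host(c["url"]) in hosts:
            t = _ts(c["ts"])
            if c["user"] not in clicked or t < clicked[c["user"]]:
                clicked[c["user"]] = t
    return clicked


def suspicious_consents(clicked: Dict[str, datetime], consents: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """OAuth consents a clicker granted within CONSENT_WINDOW after the click (possible consent phishing)."""
    hits = []
    for c in consents:
        click_time = clicked.get(c["user"])
        if click_time and click_time <= _ts(c["ts"]) <= click_time + CONSENT_WINDOW:
            hits.append(c)
    return hits


def hunt(reported_id: str, delivered=DELIVERED, clicks=CLICKS, consents=CONSENTS) -> Dict[str, object]:
    """Full hunt from one user report to a concrete set of response actions."""
    msgs = related_messages(reported_id, delivered)
    clicked = users_who_clicked(msgs, clicks)
    consent_hits = suspicious_consents(clicked, consents)
    actions = [f"quarantine {m['id']} from {m['to']}" for m in msgs]
    for user in sorted(clicked):
        actions.append(f"reset credentials and revoke sessions for {user}")
    for c in consent_hits:
        actions.append(f"review and revoke OAuth consent '{c['app']}' for {c['user']}")
    return {
        "messages": [m["id"] for m in msgs],
        "recipients": sorted({m["to"] for m in msgs}),
        "clicked": sorted(clicked),
        "consents": [c["app"] for c in consent_hits],
        "actions": actions,
    }


if __name__ == "__main__":
    for line in hunt("m2")["actions"]:
        print(line)
```

Note what the pivot buys: Bob reported only `m2`, but Dave's copy came from a different sender address and a slightly different URL, and it is still caught because the hunt keys on the sender domain and URL host rather than the exact strings. Carol never reported anything, yet she is the user who needs the password reset and the consent review.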
Leverage Information Sharing Among The Community
Most cybercriminals rely on similar methods to break into networks and even trade exploits in marketplaces. Because the same attack techniques are reused across many targets, sharing threat data with community peers can stop an evolving threat from compromising an organization's data. Organizations can share details of the threats they see in cybersecurity forums so that others can prepare defenses against large-scale attacks.
In an era of increasingly sophisticated email attacks, organizations need to improve their email security to protect against threats such as spear-phishing, business email compromise, and ransomware. Secure email gateways alone are not enough against modern email attacks; a multi-tiered approach is necessary, combining a secure email gateway with post-delivery email protection. Several vendors offer both a gateway and a post-delivery platform, and users may prefer such combined offerings for optimal protection.