Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Mail Email Security Trends for 2018
Mail

Email Security Trends for 2018

By Tony Meyer
20 March, 2018

Email is the lifeblood of any business. 

According to Radicati’s Email Statistics Report, 2017-2021, the number of business email accounts is expected to grow from 1 billion in 2017 to 1.1 billion by 2021, with an estimated average annual growth rate of 2%. It is not news that spam is a huge problem for businesses, with 59.56% of email traffic worldwide consisting of spam messages, and daily cyberattacks hitting users’ mailboxes globally. 

In 2017, the WannaCry ransomware attack is reported to have infected more than 300,000 computers across 150 countries. Keeping safe from cyberattacks is a huge challenge for most companies. This blog looks at the growing threat from spam and the latest trends you need to be aware of.

Trend 1: Spam is still a threat

spamthreat.jpgOut of 10 emails coming into your inbox, around six are likely to be spam. Be it a fake lottery win, a miracle cure for any disease, or the news of an inheritance from a so-called relative, people have adapted to junk flooding their mailboxes.

While other email threat methods continue to grow, spam level stays constant globally and are expected to remain the same in 2018. 

To prevent spam from disrupting your business, it is recommended you add a protective layer to your email service that will filter out spam messages and help ensure email continuity.

Trend 2: Spear phishing continues to dominate

speaphishing email.jpgWhile spam continues to be an issue in general, phishing and malware dominated the email security landscape in 2017, and it’s likely this will continue in 2018.

With an increasing number of mailboxes protected by quality anti-spam solutions, and consumers (more susceptible than business users in general) moving a lot of communication away from email to other platforms, spam is less profitable than it once used to be.

Spear phishing (where the phish is tailored carefully to target someone specific, such as your payments clerk or CFO) operates on a different model than spam. Rather than low work, high volume, and profit by convincing a tiny fraction of recipients to pay a small amount of money, it’s more work, lower volume, with profit coming from convincing a significant proportion of recipients to pay potentially many thousands of dollars.

We expect that during 2018, the risk from spear phishing will continue to grow. Recognizing a well-made spear phish attack is challenging, both for the target and for anti-phishing solutions, and the potential reward makes this an attractive target for attackers.

The most significant changes companies can make to prevent phishing are to configure the following:

  • SPF (sender policy framework)—this tells a recipient where email from your organization should come from. 
  • DKIM (domain keys identified mail)—this cryptographically signs messages to both prevent tampering and confirm who sent the message. 
  • DMARC (domain-based message authentication, reporting, and conformance)—this allows a sender to tell recipients what SPF and DKIM results to expect, and what to do when the checks fail.

All good anti-phishing solutions will make use of SPF, DKIM, and DMARC checks, and results from these authentication checks are displayed in many email clients as well. If you protect your organization, you stop anyone using you as a mask for their phishing attack, and you also prevent attacks where an email supposedly comes from within your organization. Whitelisting senders is only safe when the sender has these safety systems configured.

We suspect that, in 2018, we’ll see “phishers” making increased use of the wealth of data available about individuals (through increased online presence as well as common data breaches), as well as the rise in cheaply available data processing models. Combining cheap, powerful “AI” and large data stores should allow phishers to further automate spear phishing attacks, driving the cost down while still potentially reaping much higher rewards than simple spam.

Trend 3: Malware that leads to ransomware

Malware_email.jpgPhishing and malware attacks provide a first layer for attackers to gain access to systems. We expect that 2018 will see a continuation of the use of ransomware as the primary payoff for these attacks, as the repeated success of ransomware in general over the course of 2017 has shown that many people do not have sufficient protection or backup in place.

We may also start seeing the use of compromised systems for generating cryptocurrency (e.g., Bitcoin and other altcoins). This would be more of a return to ‘traditional’ use of large-scale compromised systems (botnets), where the attacker hopes to gain long-term use of the system without its owner noticing. The payoff takes much longer than convincing someone to pay a ransom, but there is generally less risk involved.

With WannaCry and NotPetya in 2017, email had little to almost no involvement in the spread of the attacks. This was contributing to the speed at which they spread, as the direct propagation avoided the delays that are typically seen with an email vector. It’s likely that we’ll continue to see a mixture of attack vectors in 2018, with some risk from mail (both from attachments or links in the message, and from systems compromised via phishing messages), as well as through other vectors like EternalBlue.

It’s clear there’s an increasing need for a multilayered defense—a robust email security layer that blocks spam and phishing attacks, as well as preventing access to dangerous attachments and links—but also robust endpoint security that directly secures end-user devices. A healthy backup system remains the most effective protection against ransomware—and allows continuation of business-critical functions if your systems are down (e.g., email archive, continuity).

 

Tony Meyer is a Senior Product Architect leading the architecture of the email products (Mail Assure Email Protection, Mail Assure Mail Archiving, SpamExperts Incoming Filter, SpamExperts Outgoing Filter, SpamExperts Archiving) at SolarWinds MSP. He has been programming since 1984, and has more than 15 years’ experience working in the email security field.

 

Click here to find out how SolarWinds® Mail Assure™ can help you protect your customers' businesses.

You might also like...
Mail

How Email Archiving Can Help Move You Toward SOX Compliance
Mail

How a Secure Email Gateway (SEG) Can Protect Your Business
Mail

How to Effectively Use an Email Spam Filter Service
Mail

6 Cybersecurity Tips for Business Email
Mail

Partnering for Growth: Strong Defenses, Solid MSP Partnerships
Mail

What Is DMARC Email Security and How Do You Implement It?
Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.