Smart cybersecurity practitioners know that for the best protection, they should use a ‘defense in depth’ strategy. Layering different kinds of defense together means that an attack which slips past one control can still be stopped by another. But for a truly robust cyber-defense, you shouldn’t forget to protect one of your most vulnerable communication channels: email.
Email is baked into the DNA of any business. In spite of alternative channels such as social media and web chat, this tried and tested form of communication is becoming more, rather than less, important to the average company.
According to Radicati’s 2014-2018 Email Statistics Report, there were 4.1bn email accounts in 2014, and this will grow to 5.2bn within four years. Business is the biggest source of email traffic, said the report, accounting for 108.7bn emails per day in 2014 – and the number of business-related emails will increase to 139.4bn daily by 2018.
Unfortunately, email is also a channel for attackers to strike at any organization. Spam is a frequent problem for business users, who may be sent harmful attachments that could infect computers on their network. In Q3 2014, the number of spam email messages sent globally topped 10 trillion, according to McAfee Labs’ Threats Report.
Phishing – a relative of spam – is a common email attack that can be used to fool employees into granting access to your systems. Attackers will email a company’s employees with a variety of ruses.
In a typical phishing attack, a criminal may pretend to be from a trusted third party such as an IT department, and will send an email asking employees to log in to a web portal. The portal is fraudulent, and will gather their login data, enabling the attacker to infiltrate corporate systems and gain a foothold.
In Q3 2014, the number of unique phishing reports reached 163,333, down just 5% from the prior quarter, according to the Q3 2014 Phishing Activity Trends Report, which is produced by the Anti-Phishing Working Group (APWG). Payment services was the most targeted industry, with 32% of phishing attacks, while financial services received the second highest proportion of attacks, at 27%, according to the APWG report. Retail came in third.
A mature email security system features protection mechanisms such as blacklisting to block known malicious senders, and anti-spam engines that look for telltale spam signatures and keywords. It will also evaluate the source of a message in real time using a sophisticated set of parameters, and it will ‘greylist’ emails: temporarily rejecting a message from an unfamiliar source so that the sending email server has to resend it (illegitimate servers will rarely do so).
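The blacklist and greylist layers described above can be sketched as a single decision function. This is an added example, not code from any vendor's product; the class name, the delay thresholds, the /24 grouping and the sample addresses are assumptions chosen for illustration, and it assumes IPv4 clients.

```python
import ipaddress

# Constructed sample data using documentation address ranges (RFC 5737).
BLACKLIST = {ipaddress.ip_network("203.0.113.0/24")}
MIN_RETRY_DELAY = 300       # seconds a sender must wait before a retry counts
RETRY_WINDOW = 4 * 3600     # a first attempt older than this starts over


class Greylist:
    """Hypothetical filter: blacklist first, then greylist unknown triplets."""

    def __init__(self):
        self.first_seen = {}    # (client network, sender, recipient) -> time
        self.passed = set()     # triplets that already retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return an SMTP-style (code, reason) verdict for one attempt."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in BLACKLIST):
            return 554, "blacklisted sender"          # permanent reject
        # Key on the /24 so a retry from a neighbouring host in the same
        # outbound pool still matches the first attempt.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        key = (net, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "known triplet"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now
            return 451, "greylisted, try again later"  # temporary failure
        if now - seen < MIN_RETRY_DELAY:
            return 451, "retry too soon"               # hammering does not help
        self.passed.add(key)
        return 250, "retry accepted"
```

A standards-compliant server queues the message after the 451 response and retries later, so legitimate mail is delayed rather than lost, while a sender that never retries is never accepted.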
The best defense-in-depth solutions work together, complementing each other. Combined with other defense mechanisms such as web protection and anti-malware scanners, email protection should play a crucial role in protecting your clients' organizations.
Anti-malware scanners will check any attachments that an email blacklist and spam filter fail to stop, for example. Web protection can help to stop employees visiting bogus phishing or malware sites – but ideally, a cloud-based email filter will stop those messages before they even reach a company’s email servers.
Defense-in-depth is like bulletproof glass: it’s layered, so that even if an attack makes it past one layer of defense, it will be stopped by another. Together, they create an armored web of protection that can shield a company from harm. Email security represents one layer of that armor. In a neighborhood as dangerous as the Internet, doesn’t it pay to have as much protection as possible?