9 Challenges for Email Security Experts - Protecting E-Mail in Times of Crisis

As the coronavirus pandemic forces enterprises to reshape their strategies, remote is slowly becoming the new normal. Platforms once united under a single firewall have now turned into scattered endpoints, and coherent threat defenses have to cover more ground than ever. While security experts struggle to keep threats at bay, one thing is becoming clear: your data is not safe anymore!

Your Biggest Ally. Your Weakest Link.

 As often happens during disruptive events, your most valuable assets are also the most vulnerable. The same goes for communication channels, where nothing is under more strain than the old, reliable e-mail.

 

From spear phishing, whaling and password theft to invoice fraud and man-in-the-middle attacks, e-mail is the target of some of the most vicious cyber threats. In fact, a great portion of malware is spread by e-mail, including ransomware, keyloggers and malicious links. Not to mention more insidious threats like directory harvesting and data exfiltration.

 

The reasons for these vulnerabilities are simple. E-mail is a critical business tool and a vital communication channel - it’s faster and more personal than collaborative tools and more formal than chat programs. In other words, it’s the most targeted form of communication because it is, by far, the most used one.

 

A second reason would be that e-mail is cloud stored and remotely managed, but manually operated. The human element of a system is constantly involved in the process of sending and receiving messages, as well as in accessing the content within.

 

A third and final reason is that e-mail allows you to exchange just about everything, from vital business documents, to office anecdotes and video call invitations. Its simplicity and versatility mean that threats can go unnoticed. Furthermore, e-mail servers are an incredibly valuable and vulnerable source of company data and personal information.

 

All this makes e-mail security a top priority for companies worldwide. In fact, a recent Mimecast study reveals that 61% of organizations believe it’s likely or inevitable they will suffer a negative business impact from e-mail attacks, while 67% of them claim they’ve seen increases in e-mail related attacks. No less than 94% of organizations had experienced a phishing attack in the past and 88% had experienced e-mail spoofing!

 

The same study revealed data loss to be the main consequence of successful attacks, closely followed by direct financial losses. In fact, according to CSO Online, losses in 2019 alone might have reached 16 billion dollars. Aside from money, companies reported loss of customers and jobs and, inevitably, severe loss in reputation. Not to mention the downtime that closely follows most breaches.

 

And the worst part? Most of these statistics were published in late 2019, before the current crisis, and before a new flood of cyber security challenges. This is why many companies partner with e-mail security providers or even develop their own solutions.

Your First Line of Defense

 E-mail security solutions work by filtering inbound and outbound traffic and by blocking malicious content before it reaches its recipients. An effective solution is not just a spam or suspicious link filter, but a framework of interlocked technologies.

 

Whether it’s an internally developed solution or an external one, an e-mail security platform should constantly block and quarantine suspicious elements and be connected to timely and relevant threat intelligence. So, assuming you want to create such a product or improve an existing one, there are a few challenges you should overcome.

 

First, before you start integrating more complex technologies, you should be certain that you’ve gotten the basics right. In other words:

1. Don’t stop at spam. Antispam has long become a commodity, and it is more of a nuisance than a threat. Do worry, though, about phishing and fraud attempts, as well as more evasive impersonation tactics. This is why your solution needs to incorporate advanced security layers that scan attachments and filter content before it reaches your network.

 

2. Stay up to date. This might seem self-explanatory, but too many solutions rely on patterns, rather than accurate threat intelligence. Attackers constantly search for new methods to conceal their weapons, especially in times of crisis: a file type that seemed safe two weeks ago might now host malware. Updated security information will save you a lot of trouble!

 

3. Fine-tune your reporting. Your security team needs full control over all existing e-mail infrastructure and policies, as well as insight into all detected and quarantined files. This is why configurable, automated reports are vital to your team’s success.

 

4. Expand your platform’s capabilities. Another important aspect to consider is your system’s current capacity to scan and control large volumes of e-mails and attachments. In fact, the more filters you implement, the bigger the workload! This is why your solution needs to be built on reliable technology that can guarantee high uptime and continuity of service.

 

5. Shield the human element. Many security experts assume the human element is beyond their control. Indeed, employees can be trained to apply security measures, but they can’t be forced to do so. What you can do is implement an autonomous and automated solution. This way the human element is shielded from many harmful interactions and has less impact on the security process altogether.

 

After you’re done with these initial, but vital points, you should lean a bit into the deeper issues of e-mail security.

 

6. Protect against high-level BEC (Business E-Mail Compromise) attacks. These attacks are a form of advanced spoofing and they include a wide range of tactics, from executive or CEO impersonation to other forms of spear phishing and whaling. The problem is, according to an AFP survey quoted by CSO Online, only 30% of companies have technology that can correctly flag e-mails that look similar or identical to company e-mails. That’s a worrying number, as this form of fraud is one of the most damaging - it can inflict not just internal damage, but also affect your company’s partners.

 

7. Protect your payments and separate them from e-mail communication. According to the same study, only 10% of companies use a payment protection gateway or a secure workstation to process transactions. Unfortunately, most cyber attackers are after two things: data and money. This is why a lot of cybersecurity companies advise against using e-mail for any form of financial transaction, especially since invoice fraud is at its highest. Your system should check for the exchange of such sensitive information by e-mail and prevent it.

 

8. Secure your servers against DHA (Directory Harvest Attacks). With the advent of APTs and other time-dependent threats, it’s now clear that attackers are spending more time in profiling their targets. Directory Harvest Attacks used to be brute-force techniques in which spammers simply tried to reconstruct a company’s e-mail database by trying various combinations of employee names and internal domains. However, such techniques are becoming more complex, with attackers sending series of short messages (often with no link attached), analyzing bounce and open rates, and mapping active addresses. DHA usually occur before more complex attacks or waves of spam. This is why even the more advanced spam filters may not be enough.

 

9. Prevent Data Exfiltration. A more general term, data exfiltration refers to a situation in which a piece of malware (usually an APT) or an attacker carries out one or multiple unauthorized data transfers from your systems. It’s sometimes called unauthorized data export, or data extrusion. While a wide range of information can be extracted from your company’s e-mail servers, the most sensitive includes personally identifiable information (PII), personal financial information and, in some cases, cryptographic keys. Such leaks can not only lead to financial losses, but also to infringement of privacy legislation such as GDPR or CCPA. An advanced security solution should not only block malicious URLs, but also block any PII from ever being sent by e-mail.

 

While all of the above translate into elevated e-mail security and a clear competitive advantage, they also mean a lot of dedicated R&D resources and high costs. So, what should you do?

Choose an E-Mail Security Ecosystem, Not Just a Provider

Bitdefender is supported by almost two decades of experience, countless awards and the intelligence of over 500 million systems. But what makes us unique is that we have built more than a wide selection of solutions (over 20+ different SDKs); we have built a security ecosystem.

 

Our products work continuously on four levels: threat prevention, advanced detection, protection and investigation. Choosing our e-mail security technology will protect you from existing threats, and safeguard you from future ones.

So, if you’re looking to build a superior e-mail security solution or simply toughen your defenses, we can offer you advanced prevention with our award-winning Antispam SDK: A cloud-based technology that relies on a combination of antispam filtering and predictive technologies to effectively detect spam messages in any language and reduce false positives, as well as protect from phishing attacks or malicious links in email attachments. E-mail threats will be blocked before they reach your systems.

Bitdefender’s Intelligent Antispam technology is also used by Bitdefender Security for Mail Servers, which is the only antispam solution to have achieved VBSpam certification in all 50 Virus Bulletin spam tests ever performed.  

 

To learn more about Bitdefender Antispam technology read the Antispam SDK Datasheet.