Email is the main communication method for businesses and the move to remote work means even more critical data is being shared using this channel. Sifting through hundreds of emails a day is time-consuming and exhausting. With growing email fatigue, it is easy for team members to click on a malicious email without knowing it. That’s why 94% of all malware is delivered via email – making it the most widely used attack vector.
Your IT team and users need to understand the different ways criminals are exploiting employee inboxes. As you will see, education is the first step to tackling the rising threat.
Methods of email attacks
Phishing accounts for more than 80% of reported security incidents. Nobelium – the group behind the infamous SolarWinds attack – used phishing attacks to drop backdoor malware on 150 organizations. Unfortunately, there’s no sign of it abating. In fact, the Acronis Cyberthreats Report: Mid-year 2021 update revealed that phishing emails rose 62% from Q1 to Q2 in 2021.
Meanwhile, 95% of all attacks on enterprise networks are the result of successful spear phishing, which specifically targets high-value victims. The co-founder of Australian hedge fund, Levitas Capital, was a victim, which cost the company $800,000. It resulted in the loss of the fund’s largest client and required the business to permanently close.
A 2019 cybersecurity survey discovered that 26% of organizations worldwide were targets of one to 10 business e-mail compromise (BEC) attacks. In 2020, BEC scams were the most expensive cyberattacks according to FBI's Internet Crime Complaint Center (IC3).
Is the sky falling?
Regardless of the success that cybercriminals have with email attacks, the sky is not falling. There are three approaches that, when used in parallel, can mitigate the risk of an attack:
- Provide ongoing user education on what new attacks look like, what to do if a user suspects an attack, and what not to do.
- Implement advanced anti-malware that provides a multi-layered approach.
- Develop and test an incident response plan to respond and manage an attack, mitigate the damage, and quickly recover.
What is a multi-layered approach?
Malware can always get through a single defense, which is why you need a solution that offers multiple layers of protection. Multi-layered protection can include:
- An anti-spam engine to stop the unwanted emails from reaching user inboxes
- Anti-evasion technology to defeat attacks that use advanced evasion techniques hide their embedded threats and malicious URLs
- Threat intelligence to prevent emerging attacks from infiltrating your emails
- Anti-phishing engines to prevent any type of phishing attack before it reaches users
- Anti-spoofing technology to keep users protected against social engineering and payload-less attacks
- Antivirus software for emails to minimize the risk of being infected by malware
- Detection to prevent advanced attacks, such as advanced persistent threats (APTs) and zero-day attacks that conventional defenses miss
- URL filtering to prevent users from visiting harmful sites
With more than 500,000 new malware samples identified every day and the malicious use of advanced technologies like automation making todays cyberattacks more devastating, it becomes impossible to defend data with legacy solutions. Only an integrated, multilayered approach to email security delivers the reliable protection needed for today’s workloads.
The Acronis Team