Guarding Your Inbox: The State of Email Security

Is your email security solution doing everything it should to protect your company from cyberattacks?

The recent announcement by U.S. State Department IT officials of a major email breach shined a spotlight on email security. Hackers had stolen 60,000 emails from the inboxes of 10 State Department employees, including travel itineraries and diplomatic deliberations.

The majority of cyberattacks start via email – Deloitte reports 91% of all cyberattacks begin with a phishing email to an unsuspecting victim. Whether attackers use phishing, spoofing, malware, zero-day attacks, or business email compromise (BEC), they have no shortage of ways to turn your business email against your company.

Read on for the latest trends, techniques, and predictions for email threats and security strategies.

Current State Of Email-based Threats: 4 Trends To Know

Organizations continue to deal with an onslaught of threats to their email security. According to Proofpoint’s 2023 State of the Phish report, 84% of survey respondents said their organization had experienced at least one successful email-based phishing attack in 2022, and more than half said they had dealt with three or more attacks.

As phishing and other email threat techniques become more sophisticated, email security solutions have to keep pace. Attackers are using newer technologies such as AI-powered tools to make phishing attempts harder to detect. Jason Marocchi, Sayers Cybersecurity Engineer, says:

“Attackers aren’t just forwarding a malicious payload and hoping you click on it. It’s becoming a long process of infiltrating a corporation or organization, finding who to target, and determining how to get to the company’s financial department.” 

Current email security trends of note include:

1. The volume and sophistication of email attacks are increasing, with business email compromise now the primary focus of adversaries looking for the biggest payout. 

BEC scams commonly involve spoofing a legitimate email address to appear as someone known and trusted by the victim. But BEC schemes continue to evolve. More recently, bad actors have victims send funds directly to cryptocurrency platforms where funds are quickly dispersed, according to the FBI 2022 Internet Crime Report.

Even with SPF, DKIM, and DMARC protocols in place as authentication safeguards to stop at least a portion of malicious emails, 89% of unwanted messages “passed” those checks and got through anyway, according to Cloudflare’s 2023 Phishing Threats Report.

The majority of email attacks reported by organizations in the past year cost in the range of $500,000 to $1 million for a single email attack.

2. Business email compromise is now costlier than ransomware.

The amount of adjusted losses in 2022 from nearly 2,400 ransomware complaints totals more than $34 million, according to the FBI 2022 Internet Crime Report. In contrast, nearly 22,000 BEC complaints reported adjusted losses of more than $2.7 billion in the same year.

The FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud says:

“BEC is one of the fastest growing, most financially damaging internet-enabled crimes. It is a major threat to the global economy. …BEC actors have targeted large and small companies and organizations in every U.S. state and more than 150 countries around the world.”

Domestically, from 2013 to 2022 the FBI reported more than $17 billion lost from business email compromise attacks. 

3. Attackers are using links as their top phishing tactic. 

Many email threats use link manipulation, or URL hiding, to send a malicious URL that appears to be legitimate. According to the Cloudflare report, malicious links comprised nearly 36% of detected threats to become the #1 threat category.

That’s why advanced email security tech stacks should include dynamic URL analysis and URL rewriting to block access to malicious links. Marocchi says:

“Static URL analysis just isn’t effective anymore. Typically, an attacker will send an email with a URL. Once the URL is scanned, deemed safe, and sits in the mailbox for a while, they’ll retroactively change the landing page of where that URL will go and weaponize it into a malicious link.”

4. New attack techniques use AI and collaboration platforms to infiltrate organizations.

Companies are facing new attack techniques including WormGPT, an AI-enabled private chatbot used by cybercriminals to write malicious software and phishing emails. Thanks to generative AI, these emails are more sophisticated and persuasive than many attackers could write themselves, making the phishing emails more difficult to detect as malicious.

Companies also have to be concerned about security for collaboration platforms. Attackers have hacked into videoconferencing platforms and even impersonated tech support in a Microsoft Teams message to trick victims into sharing login credentials. Marocchi says:

“What we’re seeing is the breakdown in trust of communication channels. It’s not only email that an organization needs to be concerned about.”

Email Security 101: 3 Main Types of Email Security Solutions

Organizational email security solutions tend to fall into three main categories:

Secure Email Gateway (SEG). Traditionally, emails passed through a SEG hardware appliance for inspection. Most today are software-based and act as a filter between the external network and an organization’s internal email infrastructure. Each email has to go through the gateway where it’s either blocked or allowed to pass through.

API Email Security Solutions – Parallel. This iteration of email security using Application Programming Interfaces runs in parallel to your delivery system and reviews all emails sent to the user’s mailbox. If the parallel API solution determines an email is malicious, it will remove the malicious email from the user’s mailbox immediately after delivery. 

API Email Security Solutions – In-line. These solutions combine the perimeter defense of the SEG with aspects of API email security capabilities such as language analysis. Mail goes to the internal email infrastructure, such as Microsoft 365, then routes to the in-line API solution for analysis where it’s either blocked or allowed through to the user’s mailbox.

More on API solutions below.

What’s Next In Email Protection

The email security space continues to innovate and evolve in the face of relentless adversaries. Expect to see more changes among email security providers and the solutions they offer:

• Email security providers are branching into collaboration security. Vendors are adding products that integrate with collaboration solutions such as Microsoft Teams and Slack, providing URL analysis, language modeling, and linguistic analysis to determine signs of security compromise. 

• AI vs. AI: Email security solutions turn to AI-powered threat detection to combat generative AI chatbots. Email security providers are launching advanced email attack detection capabilities, using AI-powered security solutions to detect malicious AI-generated emails. 

• Email security providers will continue to add value on top of Microsoft 365 base security offerings. As Microsoft’s email security grows, email security solution providers will need to remain a step ahead. Expect more collaborative efforts and offerings that complement native Microsoft defenses.

• API parallel scanning solutions will develop some in-line configuration for email to flow through before reaching the recipient. Parallel solutions may be able to remove an email from a user’s mailbox within milliseconds of receipt, but a growing number of organizations want to block malicious email before it ever hits the inbox.

• More providers will develop 24/7 managed services offerings to provide visibility and respond to email threats. This managed service will especially help small teams who can’t cover 24-hour shifts.

• Email security vendors are broadening their offerings as part of a platform play. Examples of this include Proofpoint, which acquired Illusive to provide identity threat detection and response, and Cloudflare’s acquisition of Area 1 Security’s cloud-native platform to stop phishing attacks. 

Questions? Contact us at Sayers today to discover how to protect your business from email security threats.