Email is ubiquitous in society with estimates suggesting nearly 320 billion emails will be sent this year by 4 billion worldwide email users. This is particularly true in the workplace where, despite the widespread adoption of video calling, email remains a central communication tool for many.
“It’s estimated that phishing accounts for nearly 90% of all cyber attacks worldwide”
With its proximity to an organisation’s network and the inherently insecure nature of email caused by us as users, email remains one of the most popular attack vectors for cyber criminals, so email security is crucial.
An evolving threat
Email phishing has developed into a much more widespread and complex social engineering attacks to try and evade detection. This evolution has meant that legacy email security, such as Secure Email Gateways (SEGs), anti-spam filters and basic staff training are no longer enough. 81% of respondents to a recent survey have experienced an increase in email phishing attacks since the pandemic began, and with new types like Business Email Compromise (BEC) emerging all the time, phishing will continue to pose a huge threat.
“BEC schemes cost an estimated $1.77bn in 2019″
Definition: Phishing
‘Phishing’ refers to fraudulent emails being sent that are designed to trick a person into sharing information that can then be used by the attacker, or to deploy malicious software such ransomware. Simple phishing, where someone might just be encouraged to click fraudulent a link has evolved into a range of different type of attack such as Business Email Compromise (BEC), Spear Phishing, Spoofing and Smishing to name a few.
Different types of attack can evade different types of preventative measures, so having a range of defences in place is needed. The National Cyber Security Centre advocate this multi-layered approach to defending against phishing, and while user awareness training remains part of this, a new generation of email security techniques and tools is developing to support this.
“It takes les than 82 seconds for someone to interact with a phishing email”
The more advanced solutions are built on artificial intelligence (AI), machine learning (ML) and automation, to help them try to keep pace with, and even get ahead of, the rapidly changing landscape. There are also solutions that can not only detect but also remediate malicious email-born threats, speeding up the process and reducing the burden on the security team.
With such a variety of options, it can be difficult to know where to start. Having an appreciation of the threat landscape in the context of your organisation and how the solution will contribute to your overall cyber security strategy should help with determining the right option for you. But understanding all the different possibilities and how to integrate them into your existing security operations can still be a challenge.
Email security service
Maple’s security experts can work with you and your team to understand your requirements and existing solutions and suggest appropriate email security solutions. We can then configure and deploy the solution for you to manage, or we can manage it for you.
Maple offer a range of flexible security support services, including support for email security solutions. This can be either standalone or as part of a wider SIEM or SOC service, depending on your existing solutions and your requirements.
Whether you need 24x7x365 cover or just out-of-hours, our experts can become an extension of your team, working with you to protect your infrastructure.