Best Practices Against Email Attacks
Orhan Sari
Malicious emails are one of the most dangerous and persistent computer security threats: they deliver malware, lure victims to malicious websites, and steal credentials. Even many next-generation cyber intelligence tools have failed to prevent these attacks. Today, email-based attacks hit organizations of all sizes with remarkable force. For instance, common forms of email fraud have cost organizations more than $12.5 billion in losses, according to the FBI. 1
A number of businesses have lost hundreds of thousands to millions of dollars; for example, Google and Facebook lost $100M, an Australian aerospace parts maker lost $47M, and the California network equipment maker Ubiquiti lost $46.7M. Cities, hospitals, and tens of thousands of ordinary businesses have lost significant parts of their income to email-based phishing scams. 2
Cybercriminals combine harmful links, attachments, and lures in numerous ways to craft effective malicious email attacks. They use many tactics to deliver malicious emails and frequently change their methods to evade the solutions that can block them. They use:
- Domain spoofing: “Company <firstname.lastname@example.org>”
- Display name spoofing: “Company <[email protected]company.com>”
- Similar domain name: “Company <[email protected]company.me>”
Although cyber intelligence technologies are effective at preventing these attacks, they are not adequate unless they are integrated with other next-generation technologies.
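As an added example (not part of the original article), the following Python sketch shows how a mail filter could tell apart the three sender-spoofing tactics listed above from a message's From header. The trusted domain `company.com`, the brand name, the sample messages and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "company.com"  # assumption: the organization's real domain
BRAND = "company"               # assumption: name abused in display names

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dmarc_passed(msg):
    # Only meaningful if your own mail gateway writes this header and strips
    # any copies that arrive from outside (assumed here).
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "dmarc=pass" in results

def classify_sender(raw_message):
    """Label a raw message by which spoofing tactic its From header matches."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        # Exact domain in From: genuine only if authentication passed.
        return "ok" if dmarc_passed(msg) else "domain-spoofing"
    # Brand used as a domain label (company.me) or a near-miss spelling.
    if BRAND in domain.split(".") or edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        return "similar-domain"
    # Unrelated domain hiding behind a trusted-looking display name.
    if BRAND in display.lower():
        return "display-name-spoofing"
    return "external"

# Constructed sample messages (not real traffic).
AUTH = "Authentication-Results: mx.example.net; dmarc="
SAMPLES = {
    "genuine": "From: Company <billing@company.com>\n" + AUTH + "pass\n\nhi",
    "spoofed": "From: Company <billing@company.com>\n" + AUTH + "fail\n\nhi",
    "display": "From: Company <billing@freemail.example>\n" + AUTH + "pass\n\nhi",
    "similar": "From: Company <billing@company.me>\n" + AUTH + "pass\n\nhi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_sender(raw))
```

Note that the display-name and similar-domain samples both carry `dmarc=pass`: the sender legitimately owns the domain it used, so authentication results alone do not catch those two tactics.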
Percentage of Organizations That Have Been the Victim of a Security Incident
According to the Malwarebytes Report (2018), an extensive range of security incidents occurred in 2017. The most common were successful phishing attacks that infected one or more systems with malware (28 percent), targeted email attacks from a compromised account (25 percent), and the loss of sensitive or confidential information that was leaked through email (25 percent). See Figure 1 below.
Figure 1. Percentage of Organizations That Have Been the Victim of a Security Incident During the Period March 2017 to March 2018 3
Security Issues That Concern Organizations Most
According to Malwarebytes Report (2018), organisations focused on email as a key threat vector: phishing, malware infiltration and spearphishing. However, a number of other cybersecurity threats are also of concern, including malware infiltration through Web browsing, data breaches, and account takeover-based email attacks.
Figure 2. Percentage Responding a “Concern” or “Major Concern” 4
Best Practices to Apply
Use Cyber Intelligence Services
Cyber intelligence services scan the web, searching for signals and data that may represent a breach of your data security and a threat to your business. However, you should integrate other technologies with your current cyber intelligence service, such as phishing simulation and incident response tools, which are required for a holistic solution against cyberattacks.
Keep in mind that anyone can be hacked!
Administrators must know that their users can fall victim to various email-based attacks such as phishing, spear phishing, CEO Fraud/BEC, ransomware, malware and other cyber attacks. They must understand the risks they face.
Check your current security infrastructure and practices
Administrators should review their current cybersecurity infrastructure and the security technology they use. They should also evaluate users’ cybersecurity awareness training programs, incident response operations and other security policies.
Consider multi-layered solutions for email security
A cybercriminal does not attack the target organisation directly. He/she first collects data, then uses this data to attack the target (at this stage, cyber intelligence services play a vital role). He/she also uses advanced methods to infiltrate the system. Sophisticated cyber attacks like ransomware, spear phishing, cryptojacking, zero-days, CEO Fraud, etc. are evolving day by day and need advanced solutions to be stopped; traditional cybersecurity solutions are no longer enough (at this stage, phishing simulation, email vulnerability testing or email threat simulation, and incident response services play an important role). Advanced solutions should address all phases of the life-cycle of email-based attacks.
Apply a holistic cybersecurity policy
Cybersecurity processes should cover three holistic aspects: people, process and technology.
- People: Employees are the last line of defence, so train them in best practices.
- Process: You should always check your existing solutions with appropriate reporting and monitoring mechanisms and/or tools. Cybersecurity is an ongoing process.
- Technology: Use efficient cybersecurity protection tools, like anti-spam, anti-virus, sandbox, etc., as the first line of defence.
Create security procedures and policies
It is crucial to create policies and procedures for all operations related to email security, such as email, Web and social media use, and computer and mobile device usage.
Consider the Security Regulations as a security issue
Regulations play an important role in any organization’s approach to protect sensitive data.
Keep systems and applications up-to-date
Vulnerabilities in systems, applications, tools and devices can allow cybercriminals to successfully infiltrate target organisations. Hence, administrators must make sure to update their systems and applications to patch vulnerabilities.
Apply best backup policies
Backing up important data is an effective way to recover from data loss and to restore data to its previous state. Apply the best backup policies and procedures to protect your organisation during a cyber attack such as ransomware.
Deploy reporting tools to all users to get immediate notifications
If your employees notice any suspicious activity or a suspicious email in their inboxes, they can immediately report it to your IT security department. The faster you know about threats, the faster you can deal with them.
Develop policies to keep your users alert to suspicious emails, links or attachments
Cybercriminals can use sophisticated spear-phishing attacks to lure target users into clicking on malicious links and giving up sensitive information. Administrators should create policies that keep their users alert to the danger of clicking on suspicious links or downloading attachments that can secretly breach the target system.
Create a password management procedure and policy
A strong password policy is the front line of defence for your organisation’s transactions, communications and sensitive information. Hence, administrators should make sure that proper rules and policies are in place to help their users apply best practices for password usage.