Email security has always been a challenging aspect of cybersecurity. With bad actors constantly finding new ways to bypass defences and make a profit from their attacks, cyber security is a never-ending arms race. It's important to note that no single security control is 100% effective, as the next evasion tactic is always unknown. To combat this, multiple layers of security controls are necessary. One of the key layers is to protect against email threats. Here are five reasons why you need better email security and why your current email security might not be sufficient.
-
Email security is not a commodity: Despite the fact that more than 90% of attacks start with an email, only about 5% of total global security software spend goes towards email security. This is due to the belief that email security is a commodity and organizations rely on free email security from their email platform. However, independent test labs show these services often lack adequate detection efficacy.
-
Rapid appearance and disappearance of malicious domains and websites: With over 200,000 new domains registered daily, around 70% of them being malicious or suspicious, it is impossible for any cyber security company to keep track of every new malicious domain and website. This makes it crucial for email security to re-write URLs before delivery and check them every time the recipient clicks on them, following the URL to its final destination and analyzing its content.
-
Phishing kits are driving an increase in phishing attacks: The availability of phishing kits and phishing as a service has made it easy for any non-technical cybercriminal to launch a phishing attack, with kits containing everything needed for a phishing campaign available for as low as $99. The more expensive the kit, the more tactics it includes to evade detection by the target's email security.
-
Successful compromise of email accounts: A major goal of many email attacks is to steal credentials, with over half of the respondents in a Tech Validate survey reporting threats caused by attackers compromising their email accounts in the previous 12 months. The success of cloud services like Office 365 has made it a major target for credential theft, with phishing kits designed to steal Office 365 credentials. Once inside a user's account, the attacker can monitor and divert emails, understand the business, and spread malicious activity from one infected user to another.
-
Evasion tactics make detection difficult: Just like the first polymorphic viruses were designed to change slightly to evade detection by AV engines, malware today tries to evade detection by even the most advanced sandboxes. Phishing emails also use tactics such as impersonating domains, senders, and websites to trick the recipient and evade detection. Mimecast research found that 26% of malicious emails were impersonation attacks and 67% of organizations saw an increase in such attacks over the previous year. The target server or phishing webpage could also use various evasion techniques, such as blocking IP address ranges known to belong to security companies, using cloud hosting to present valid SSL certificates, HTML character encoding, and web page encryption to prevent machine analysis, among others.
"At Concorde Technology Group, we understand the importance of robust email security in today's digital landscape. We believe that email security should not be treated as a commodity, and that's why we have partnered with Mimecast, a leader in the field. Mimecast provides a multi-layered defence and a deep understanding of the tactics used by cybercriminals to evade detection. With Mimecast, you can have peace of mind knowing that your email security is in the hands of experts.
At Concorde, we are dedicated to providing best of industry security solutions that add value to your business. Our team combines exceptional technical expertise with a commitment to transparency and innovation to deliver tailored solutions that meet your unique needs. We are proud to be a certified partner of Mimecast, offering their email security services to our clients of all sizes.
Mimecast's Targeted Threat Protection and advanced detection engines protect your email from the latest threats, such as malware, spam, phishing, and targeted attacks. By choosing Concorde, you can rest assured that your email security is in the best possible hands."
Neil Roberts, CEO