Email Security & Cyber Awareness
28 Feb 2023
A close glance at one of the main cyber-attack vectors and how to guard against its threats
Emails represent one of the most popular forms of communication in the world, both for professional and personal purposes. However, it is also one of the most targeted by cyber criminals and the statistics are alarming: 1 in every 99 emails is a phishing attempt, while 90% of successful cyberattacks can be attributed to phishing emails. In addition, organizations have incurred losses exceeding $26 billion due to business email compromise (BEC) attacks globally during the last 6 years.
In this context, Secure Email Gateways (SEG) have always played an important role in the email security strategy of organisations, providing a basic layer of protection against the most common email-based threats. SEGs are primarily designed to filter out emails containing malware, viruses, or other malicious content that could harm the network of an organisation or compromise user data. Currently, this technology is widely used also to enforce email security policies (such as in terms of data loss prevention - DLP), to block spam and phishing emails and simplify email management.
However, limiting email security to gateway protection is no longer sufficient in the current complex threat landscape. Sophisticated threat actors have devised innovative methods for executing targeted phishing and business email compromise (BEC) attacks, which can evade detection by Secure Email Gateways. It is the case, for instance, of polymorphic emails. According to a recent study, nearly all non-trivial email spoofing attacks – almost 99% – are successful in bypassing Secure Email Gateways (SEGs) and reaching the target mailboxes.
Enterprises are called to improve their ability to detect and respond to email-based threats that were not captured by their email gateways through the use of automated post-delivery detection and response capabilities. This is only possible with appropriate technologies that can combine the potential of AI with cyber awareness.
With deep knowledge of the most advanced technologies in the field of phishing, prevention, detection & response, the RINA cybersecurity division helps many organisations protect themselves against the most complex and modern email attacks.
