If you use Office 365 or G-Suite for email and you are not using an additional cloud based email security solution, you could be at risk from sophisticated threats such as zero-day malware and phishing attacks. The basic level of protection provided as standard by cloud email providers does a good job when it comes to blocking unwanted spam emails. You can expect to block more than 99% of those unwanted emails using the spam filters that are included in those solutions. You will also be reasonably well protected against malware, as the antivirus engines powering those solutions will block 100% of known malware. The in-built cloud based email security measures will also block a high proportion of phishing threats.
Email Service Providers’ Security Features Will Not Block Advanced Email Threats
The problem for many businesses is they need more than a reasonable level of protection, especially considering the rapidly changing threat landscape and the extent to which businesses are now being targeted via email. During the pandemic, phishing attacks on businesses increased significantly, and attacks have continued to be conducted at light levels ever since. Malware attacks have remained fairly constant for the past few years, but there has been a recent spike in attacks according to SonicWall, which detected an increase in 2022 for the first time in 3 years.
Being able to block 100% of known malware is great; however, new malware variants are constantly being released. The lifespan of each malware variant is incredibly short, as once the signature of that malware has been added to the malware definition lists of antivirus engines, emails containing that malware will be automatically blocked. According to a recent analysis by Acronis, malware typically only has a lifespan of 2.3 days before it disappears and is never seen again. The same report found that 81% of malware samples are only encountered only once. Signature-based detection of malware is important, but it is far less effective now. Behavior-based detection is required, which is typically provided by cloud based email security solutions through sandboxing. Email attachments that pass initial inspection are sent to the sandbox for behavioral analysis to identify malicious actions taken by files, such as attempts to connect to a command-and-control server. Email sandboxing is not provided as standard by most email service providers.
Malware can be attached to emails, but it is most commonly hosted remotely, with links provided to those sites where a drive-by download occurs, or the user is tricked into downloading the malware. Advanced protection is required against malicious links in emails, which link to sites hosting malware or sites hosting phishing forms. Phishing kits such as EvilProxy are growing in popularity, as they can steal credentials and also bypass multifactor authentication. They set up a reverse proxy to the legitimate website for which credentials are sought and relay credentials and MFA codes between the phishing site and the legitimate site in real time and steal session cookies that allow accounts to be accessed. Multifactor authentication should be implemented, but the use of reverse proxies can undo this protection, which is why businesses need cloud based email security that can protect against the initial attack vector and block malicious links in emails.
The malicious links frequently change and are not active for long. Look for a solution that rewrites the links and follows them, including all redirects, and assesses the landing page for malicious content. A cloud based email security solution that provides time-of-click protection is recommended, as links are often sent that are initially benign to bypass email security solutions, and then have malicious content added after delivery.
Protection against phishing attacks is largely provided through checks of message headers, the use of blacklists of known malicious IP addresses, keyword analysis, and checks of known subject lines used in phishing campaigns. These checks are effective at blocking most mass phishing campaigns, but more advanced security is required to identify zero-day phishing threats. IP addresses are often only used for very short periods, and by the time they have been added to a blacklist they have long since been abandoned. When evaluating cloud based email security solutions, look for one that has predictive capabilities for anticipating new threats from previously benign IP addresses, performs a Bayesian analysis and uses heuristics for predicting new attacks.
Add Extra Layers of Protection for Cloud Email with a Third Party Cloud Based Email Security Solution
There are many cloud based email security solutions available from cybersecurity companies that have been developed to work seamlessly with Office 365 and G Suite for improving protection against advanced email threats. Look for one that augments – rather than replaces – the protection provided by an email service provider and adds many more layers of advanced protection such as sandboxing, malicious link protection, and has predictive capabilities to ensure you are properly protected against sophisticated email threats.
