There are many email protection software tools available to protect against email-based attacks and you will likely need to use a combination of these solutions to create layered defenses that are capable of identifying and blocking all email threats. No email protection software, no matter how advanced, will provide total protection against all email threats. To protect against increasingly sophisticated attacks, multiple solutions are required.
Email Protection Software
Email protection software was historically provided as an appliance to deploy on-premises, and while these solutions are still available and will suit some businesses, it is now far more common for cloud-based solutions to be used. They are far easier for businesses to deploy and use, much of the maintenance burden falls on the service provider, and managed service providers find them far easier to use to protect their clients. Cloud-based email protection software is often the most cost-effective solution, as there is no need to purchase an appliance or dedicate existing hardware to providing these security functions.
Protection Against Phishing and Malware Attacks
Email protection software is vital for blocking phishing emails. Phishing is one of the biggest threats faced by businesses and is the initial access vector in a high percentage of cyberattacks. Phishing attacks can take many forms, but email attacks are by far the most common. Email protection software searches email headers for known malicious domains and IP addresses, can block malicious links embedded in emails, and performs identity checks to identify and block email impersonation attacks. Advanced solutions rewrite all links in emails, scan the linked websites in real time for malicious content, and block access to those sites.
Email is the most common method of delivering malware. Email security solutions scan email attachments for malicious files, with advanced solutions also incorporating behavioral detection through sandboxing. Suspicious email attachments are sent to the sandbox for deep analysis to identify malicious actions such as command-and-control center callbacks. Without sandboxing, zero-day malware threats would go undetected.
Protection Against Brute Force Attacks
Phishing attacks are conducted to steal credentials, but access to email accounts is often gained using brute force tactics. Automated attacks are conducted on email accounts to guess weak passwords, and credential stuffing attacks use passwords compromised in past data breaches to try to access accounts where the same passwords have been set. Password policies should require employees to set unique, complex passwords, but it is easy to set a password that meets complexity requirements yet could be guessed in a fraction of a second in a brute force attack – P@55W0rd!, for example. A compromised email account could be used to conduct phishing attacks internally or on contacts, and compromised email accounts are commonly used for distributing malware.
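The gap between "meets the complexity rules" and "hard to guess" can be checked at password-set time. The following is an added example, not part of the original article: the composition rule, the substitution table and the short word list are assumptions standing in for an organisation's real policy and a full breached-password corpus.

```python
import re

# Constructed sample of base words seen in common-password lists (assumption;
# a real deployment would load a full breached-password corpus instead).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

# Character substitutions that guessing tools reverse automatically.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "5": "s", "$": "s", "7": "t"})


def meets_complexity(pw: str, min_len: int = 8) -> bool:
    """Typical composition rule: length plus upper, lower, digit and symbol."""
    return (len(pw) >= min_len
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def guessable_base(pw: str):
    """Return the common word the password reduces to, or None."""
    # Strip trailing digits and symbols (years, '!', '123') before undoing leet.
    core = re.sub(r"[\d\W_]+$", "", pw) or pw
    candidate = core.lower().translate(LEET)
    candidate = re.sub(r"[^a-z]", "", candidate)
    return candidate if candidate in COMMON_BASES else None


def acceptable(pw: str) -> bool:
    """Accept only passwords that pass composition AND do not reduce to a common word."""
    return meets_complexity(pw) and guessable_base(pw) is None
```

The article's own example, P@55W0rd!, passes `meets_complexity` but reduces to "password" and is rejected by `acceptable`.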
One of the easiest ways of improving password security is to provide employees with a password manager. A password manager can be used to generate complex and unique passwords for all accounts, and those passwords will be stored securely in an encrypted password vault. Users never need to remember passwords as they will be filled automatically when required. Each employee only needs to set and remember one password: the one that provides access to their password vault. To further protect against brute force attacks and the use of stolen credentials, multifactor authentication should be implemented, and security teams should monitor for failed login attempts and set account lockouts after a set number of failed login attempts.
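Failed-login monitoring has to count in two directions, because the two attacks described in this section look different in the logs: brute force produces many failures against one account, while credential stuffing produces one or two failures against many accounts and never reaches a per-account lockout threshold. The following is an added example, not part of the original article; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log, "timestamp result account source_ip"; the format is an assumption.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL alice 198.51.100.7
2024-05-01T09:00:03 FAIL alice 198.51.100.7
2024-05-01T09:00:05 FAIL alice 198.51.100.7
2024-05-01T09:00:07 FAIL alice 198.51.100.7
2024-05-01T09:00:09 FAIL alice 198.51.100.7
2024-05-01T09:02:00 FAIL bob 203.0.113.9
2024-05-01T09:02:01 FAIL carol 203.0.113.9
2024-05-01T09:02:02 FAIL dave 203.0.113.9
2024-05-01T09:02:03 FAIL erin 203.0.113.9
2024-05-01T09:05:00 FAIL frank 192.0.2.10
2024-05-01T09:05:20 OK frank 192.0.2.10
"""


def _expire(queue, now, window):
    """Drop entries older than the sliding window."""
    while queue and now - queue[0][0] > window:
        queue.popleft()


def detect(log, max_fails=5, max_accounts=4, window=timedelta(minutes=10)):
    """Return (accounts to lock, source IPs failing against many accounts)."""
    by_account = defaultdict(deque)  # account -> (time, ip) of recent failures
    by_source = defaultdict(deque)   # ip -> (time, account) of recent failures
    lock, stuffing = set(), set()
    for line in log.strip().splitlines():
        stamp, result, account, ip = line.split()
        if result != "FAIL":
            continue
        now = datetime.fromisoformat(stamp)
        by_account[account].append((now, ip))
        by_source[ip].append((now, account))
        _expire(by_account[account], now, window)
        _expire(by_source[ip], now, window)
        if len(by_account[account]) >= max_fails:
            lock.add(account)      # brute force: many guesses at one account
        if len({acct for _, acct in by_source[ip]}) >= max_accounts:
            stuffing.add(ip)       # stuffing: one guess each at many accounts
    return lock, stuffing
```

On the sample log, only alice reaches the lockout threshold, while 203.0.113.9 is flagged by the per-source count even though none of the accounts it tried would be locked.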
Protection for Emails in Transit
Email protection software can block phishing and malware attacks; however, many businesses fail to protect emails in transit. Once an email passes from the protected internal environment to that of the recipient, the message can be intercepted. Hackers monitor for email communications and can gain valuable information about a business that can be used in targeted attacks, such as business email compromise, spear phishing, and whaling attacks. By default, emails are not encrypted and are sent in plaintext, which means the content – including attachments – can be intercepted, read, and potentially altered. To protect email data in transit, emails need to be encrypted. Encryption is achieved using TLS for encrypting emails in transit or end-to-end encryption, where the sender encrypts the message, and the recipient must authenticate to decrypt the content.
Protection Against Data Loss
Many businesses invest in email protection software to block phishing, malware, and other types of cyberattacks by external threat actors, but fail to address the threat from within. Employees may be tempted to steal sensitive information, take proprietary data to a new employer, or they may simply make a mistake and accidentally send sensitive data to external email accounts. Email protection software can be used to protect against data loss and theft. Many email security solutions scan outbound as well as inbound emails and can detect sensitive data types such as Social Security numbers in emails and block the delivery of those emails to external email addresses. Outbound scanning can also identify compromised mailboxes that are being used to send spam, phishing emails, and malware externally.
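An outbound check of the kind described above combines two tests: does the body contain a sensitive data type, and is any recipient outside the organisation. The following is an added example, not part of the original article or any vendor's implementation; the internal domain list, the sample message and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains

# Same separator on both sides; bare nine-digit runs are ignored to limit false positives.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ])(\d{2})\2(\d{4})(?!\d)")


def find_ssns(text):
    """Return matches that are structurally valid SSNs (never-issued ranges dropped)."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if area in ("000", "666") or area[0] == "9" or group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits


def body_text(msg):
    """Concatenate every text part, decoding transfer encodings such as base64."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def outbound_verdict(raw_message):
    """Block only when sensitive data is leaving for a non-internal recipient."""
    msg = message_from_string(raw_message)
    fields = [v for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    external = [addr for _, addr in getaddresses(fields)
                if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]
    hits = find_ssns(body_text(msg))
    action = "block" if hits and external else "allow"
    return action, len(hits), external  # count only, so verdict logs hold no SSNs


# Constructed sample message, not taken from the article.
SAMPLE = ("From: hr@example.com\nTo: payroll@example.com\n"
          "Cc: Acct <books@partner.example>\nSubject: onboarding\n\n"
          "New hire SSN is 123-45-6789; ignore ticket 000-12-3456.\n")
```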
Protecting Against Email Attacks Targeting Employees
Email protection software will prevent the majority of threats from reaching employees; however, the tactics of cybercriminals are constantly changing, and attacks are becoming more sophisticated, so it is inevitable that some threats will be delivered to inboxes. For example, ransomware threat groups have started using hybrid phishing tactics as their primary method of gaining initial access to business networks. An email is sent warning of financial repercussions if no action is taken, but instead of using a hyperlink or a malicious attachment, a phone number is provided. The recipient must call the number to avoid impending costs. The threat actor then uses social engineering techniques over the phone to convince the caller to provide access to the network. This approach is called callback phishing, and the emails that initiate contact are unlikely to be detected by email security solutions.
Email protection software is concerned with reducing the threats that reach employees, but it will not eliminate all threats. It is therefore important to provide security awareness training to the workforce. Training should cover the threats that employees are likely to encounter; employees should be taught how to recognize phishing and other social engineering attacks and instructed to report any suspicious email to their security team for assessment. Studies have shown that providing regular security awareness training to the workforce can reduce susceptibility to email-based attacks by up to 90% when combined with phishing simulations.