Dive Brief:
-
Roughly 1% of emails are considered malicious, according to a FireEye Email Threat Report. About 90% of email-based attacks don't contain malware and instead use C-suite impersonation, spear phishing, harvesting credentials and W2 scams.
-
Fewer than 10% of cyber crimes occur outside of email. Phishing schemes increased by 65% in 2017 and overall ransomware damages hit $5 billion in 2017.
-
Less than 60% of abnormal email traffic is thwarted by threat intelligence and one in every 10 emails is blocked on a content level using URL defense, URL inspection or impersonation detection, according to the report.
Dive Insight:
Email security is fundamental in enterprise cybersecurity. The vast number of emails employees receive is enough to put an organization on high alert when playing a game of email Russian roulette.
The majority of cyber breaches, 66%, are caused by employee negligence or malfeasance, whereas outside threats caused less than 20% of breaches. Because of this, it's important companies adopt learning and development practices so employees can better serve as the last line of defense.
As the most favored form of communication in the enterprise, email is going nowhere. Email service providers like Google are adopting more in-depth forms of security to protect users. In April, Google introduced confidentiality mode, which allows users to require authentication to open specified emails or assign an expiration date for them.
Still, if one email is strong enough to comprise an entire security network's integrity, there are larger issues that need addressing. Organizations need a layered approach, including prevention, detection and deception aided by advanced analytics and orchestration. By doing so, alerts are correlated and threats can be prioritized based on their criticality.
