Of all the many and varied cybersecurity threats facing enterprises, it can be easy to overlook the threat posed by email. Other cyber-attacks such as nation-state threats are often deemed more newsworthy and more of a priority for cybersecurity teams. But email remains a principal means of attack for cybercriminals, and all the while it is so widely used will continue to be a significant threat.
Recent research from HP Wolf Security looked at the cybersecurity landscape in the first half of 2021 and found that email is still the most popular way to deliver malware and other threats.
According to the analysis of threat alerts in organizations from industries including manufacturing, shipping, commodity trading, maritime, property, and industrial supplies, more than three-quarters of threats were sent through email messages in that period.
Advanced email protection needs to be a top priority for any organization that is serious about cybersecurity. What’s the best way to approach this?
Cybersecurity training - ransomware, spyware, and phishing
It can’t be stressed enough that employees in any organization need to be trained thoroughly and regularly in what to look out for in a cyber-attack. Ransomware, spyware, and phishing are some of the more common ways in which email is used to gain access to a network or system, and all can be hugely problematic.
Ransomware is a particularly insidious threat, a specific form of malware that uses encryption to access systems and then withhold data until a ransom is paid. Not only can it leave an organization without access to data for long periods, but the repercussions can be highly damaging.
The short-term financial impact of disrupted operations or paying the ransom should not be discounted, but the longer-term damage to a brand is potentially even worse. Customers may think twice about staying with a provider that shows such apparent disregard for their data. At the same time, prospects would be forgiven for wondering whether it’s a good idea to switch providers.
That’s why training is such an integral part of advanced email protection and should never be overlooked. Clearswift research with public sector employees in 2020 found that 77% of respondents had not been trained to recognize ransomware. 16% had no cybersecurity training whatsoever, and 13% just once.
That's a concerning number, and when working with clients, we always stress the importance of ensuring employees undertake as much training as possible. They should have a good idea of how to recognize an email containing a threat and know the processes to follow should they click a link or open a document that they believe to be of risk.
Furthermore, cybersecurity training should be ongoing, not a one-off occurrence.
Deploying the right email security solutions
But people are human and will occasionally make mistakes. 11% of respondents in the Clearswift research admitted that they had clicked on a link in an unsolicited email at work. Phishing emails and social engineering lures can be incredibly realistic. It is easy for anyone to be distracted and click a link or open a document in an email that looks like it has come from a trusted source.
Any organization taking advanced email protection seriously then, needs to use the appropriate email security solutions. The Clearswift Secure Email Gateway solution certainly comes into that category, suitable for an organization using email services based in the cloud or on-premise.
Clearswift’s Secure Email Gateway provides complete peace of mind for cybersecurity teams. A notable strength is its Structural Sanitization, which removes malicious code, and stops embedded macro-malware and ransomware from even entering a network. This includes attacking uploads, as well as providing protection against phishing emails. Even more importantly, it works without interruption to communication flow, meaning the organization can continue operating as it usually does.
Complete data loss prevention
Keeping confidential data safe has grown in importance over the past few years, to the extent that for many organizations, Data Loss Prevention has become their main priority. The Clearswift Secure Email Gateway plays a crucial role in this. It relies on Optical Character Recognition (OCR) functionality to detect and extract text from workplace documents such as Word and Excel that are sent via email and image-based files too.
It inspects structured and unstructured data within an email, reducing the number of false positives, in contrast to traditional ‘stop and block’ email security products. Keeping the flow of information is vital in most organizations. They cannot afford for essential documents to be held up as they have been incorrectly blocked for having potentially dangerous threats in them.
Office 365 email security
Many businesses now prefer to manage their email services through the cloud. Office 365 is the most popular method of doing so and has hundreds of millions of active monthly users. Microsoft has made a great effort to ensure the security of Office 365, but it can still be vulnerable.
It’s a major target for cybercriminals, and to be truly safe and secure, it requires an additional layer of protection. The Clearswift Secure Email Gateway fits the bill perfectly, coming with all the security features valued by global customers, such as Adaptive Data Loss Prevention, Advanced Threat Protection, Email Attachment Sanitization, all within Office 365.
Clearswift Secure Email Gateway is just as secure with cloud deployments (whether hosted or managed) as with on-premise. This is important, given moving email to the cloud has become more of a priority for organizations since the pandemic.
Advanced email protection is perhaps the key component in any organization’s cybersecurity toolkit, encompassing practical training for employees and the best email security solution.