In a 2019 survey, 451 Research discovered that 46% of individuals believe that email is the number one data security threat to their organizations. This isn’t surprising – the reality is that 91% of all cyberattacks originate from user inboxes.
To fully understand the reality of today’s email threat landscape, I recently sat down for a webinar with 451 Research VP for Information Security Scott Crawford, where we discussed the evolution of phishing attacks and outlined the three “generations” of email security.
Below you will find a brief overview of our discussion – you can also listen to the full webinar here.
In the beginning, email security filters were designed to prevent bothersome spam and junk messages, in the form of unsolicited commercial advertisements, from polluting user inboxes. These emails were delivered in mass volumes, mostly to consumers, and so posed no real threat to an organization’s network infrastructure.
Eventually, annoying spam messages developed into dangerous phishing emails that contained malicious links and attachments that attempted to manipulate recipients into taking an action that would inadvertently open the network to compromise.
These early phishing attacks became a good source of threat intelligence, giving organizations the ability to leverage threat research and use that information to better protect their inboxes. Consequently, legacy vendors and startups created simple filtration tools, such as secure email gateways, and made it easier for users to report suspicious messages to SOC teams within an organization. They further used this information to develop rules-based responses that addressed specific email security trends targeting organizations.
Eventually, defending an organization’s email grew more challenging as threat actors leaned into spear-phishing and spoofing tactics, placing new targets on businesses and their personnel in order to gain a meaningful foothold in their victims’ environments. These new attacks were intended to trick recipients into handing over their user credentials, which were then used to reach sensitive information.
With the email threat landscape beginning to rapidly expand, security teams had to think outside the box and consider solutions beyond anti-virus and rules-based responses. In response, vendors upped the ante on threat detection by developing sandboxing, which detonates unknown URLs, file types and messages from suspicious senders in an isolated environment to detect malicious code before it reaches user inboxes.
Beyond that, new automation capabilities helped analysts quickly detect bad emails that slipped through the prevention layer, initiate automatic remediation and remove the threat from all affected mailboxes across the entire organization.
Adversaries aren’t blind to the advantage of large-scale automation capabilities and will undoubtedly continue to leverage these tactics to target their next victims. Consequently, the scale of the threat landscape will continue to expand, becoming too large for one organization to manage without support.
Moving forward, it is important that organizations leverage their experiences in threat detection and response by sharing both lessons learned and techniques with other organizations. By leveraging decentralized threat intelligence that is federated within the analyst community, businesses can use the real-time data to prepare for the next phishing attack and further prevent the circulation of similar or trending attacks.
Looking even further ahead, we will also see the increased development of autonomous decision-making as a means to mitigate email security threats across organizations, reducing response time and alleviating demands on personnel and SOC teams. In fact, we recently announced that our virtual SOC analyst, Themis, is now more than 93% accurate in detecting and resolving suspicious email incidents in real time, freeing SOC analysts and security teams from repetitive tasks that can be handled automatically and allowing them to focus on more challenging problems.
To learn more about the history of email security, as well as how your organization can prepare for the advanced phishing attacks of the future, listen to the full webinar here.