For most enterprises, email continues to be a primary channel of communication. According to a study by the Radicati Group, the total volume of worldwide emails sent and received per day is expected to reach over 246 billion by the end of 2019. Unfortunately, the widespread use of email also makes it one of the most frequently exploited vectors for cybercrime.
Email is often used to deliver a wide range of threats to an organisation. Some of the more common email-borne threats include:
Spam – also known as junk email: unsolicited bulk messages sent through email, which can clog inboxes and network resources, reduce business productivity and increase operational costs.
Malware – malicious software that is typically embedded in email attachments. There are various types of malware, including spyware, keyloggers, trojan horses, viruses, adware and worms. Once downloaded or opened, malware allows hackers to infiltrate the whole organisation, gain access to sensitive data or even crash systems.
Ransomware – this particularly nefarious malware variant, once activated, embeds itself on a network and encrypts or locks critical files and systems, preventing access until a ransom is paid. Ransomware is among the fastest-growing threats in cybersecurity today, and in 2016, 71% of ransomware was delivered via email.
Phishing – a type of online scam in which the perpetrator sends out emails that appear to be from a legitimate source, typically laden with malware or embedded links to spoofed websites, in an attempt to acquire private or sensitive information such as usernames, passwords and credit card details.
Spear Phishing / Whaling – a more targeted form of phishing that uses various social engineering techniques to create highly customised attacks aimed at specific individuals and organisations. In many cases, cyber criminals do extensive research on their potential victims to make their emails seem more legitimate.
Business Email Compromise (BEC) – also known as Impostor Email or CEO Fraud, BEC is another type of social engineering scam that’s on the rise. Impostors make use of compromised email accounts or identity spoofing to pose as a high-level executive within an organisation in order to trick employees working in the accounting or financial department, or even customers, into transferring funds to a fraudulent account.
Outbound Email Hijacking – enterprises need to protect their email not only from outside threats, like spam, viruses and malware, but from inside threats as well. Email accounts that have been hijacked or compromised could be used by attackers to spread malware and to leak sensitive corporate and customer information, causing severe harm to a company’s reputation.
As the threats continue to grow in both complexity and sophistication, it’s crucial for businesses to implement a reliable, next-generation email security solution to protect their users, data and assets. Of course, the human factor also plays a significant role, and employees need to be made aware of the importance of good email security practices, as even the best security solution is only as secure as the people using it.