3 Email security trends MSPs shouldn’t ignore
Email security is a primary threat vector for businesses of all sizes, and that won’t be changing anytime soon. The nature of those email-borne threats is evolving, though, and MSPs need to keep up. You can’t have an email offering that stands still — and neither can your vendors. The threat landscape is simply too dynamic.
Trends in email security
1. Email-borne threats are pervasive
A full 87 percent of the 634 IT security professionals surveyed worldwide said their company had faced an attempted email-based threat in the past year. And email threats are getting worse. More than four-fifths (81 percent) of respondents said the frequency of email-based attacks has increased in the past 12 months, and the same percentage said the cost of a breach has increased as well.
2. Cybercriminals are shifting to attacks with quicker payouts
When asked what type of email security attack would be most expensive for their company, IT professionals responded differently depending on the size of their company. Respondents from organizations with more than 5,000 employees were most concerned about stolen information (52 percent). IT pros at small to medium-sized companies thought ransomware (44 percent) or business email compromise (30 percent) would be more expensive.
Large enterprises are often the first to be targeted by new types of attacks, with the threat spreading to the SMB market as it becomes more pervasive. That’s why SMBs are seeing a lot of ransomware right now, but based on what’s happening at the enterprise level, small businesses need to get ready for spear phishing and account takeover, two emerging threats. And MSPs need to be prepared to help their customers get ready to defend against these types of attacks.
3. Anyone can be a target
Respondents were fairly evenly split about who would be most likely to fall for an email attack— 46 percent thought individual contributors would be most vulnerable, and 39 percent said executives would be most likely to be tricked. Executives will have more access to sensitive data, though, which could lead to higher payouts. It’s a factor that helps explain the increasing popularity of spear phishing and whaling.
How email attacks are evolving
Even though ransomware and business email compromise are comparatively new threats, they have quickly become popular with cybercriminals because they cut out the middleman. With ransomware and spear phishing, the criminals get paid directly instead of waiting to find a buyer on the dark web for the stolen information.
Spear phishing is more targeted and personalized than other phishing attacks, and it isn’t stopped by legacy email security solutions because there aren’t any malicious links or attachments. Instead they usually feature seemingly legitimate requests to wire money.
These attacks can also evolve into account takeovers. Savvy cybercriminals are using spear phishing to get Office 365 login credentials for targeted individuals and then using the compromised account to send more convincing spear phishing emails to other individuals in the organization.
That’s why the Barracuda team developed Barracuda Sentinel, which uses machine learning to analyze communications patterns to identify and prevent spear phishing attacks. And, because it is API-based, not gateway-based, it can detect attacks the gateway can’t, such as a compromised account sending out bad emails internally. The AI platform also helps identify individuals that are most likely to be at risk for spear phishing so MSPs can provide them with anti-fraud training.
The solution also includes an intuitive wizard for setting up DMARC (domain-based authentication reporting & conformance). This helps ensure deliverability of legitimate emails and prevents unauthorized emails from being sent from customer domains.