Don’t let email attachments become your weakest link

Email is not going away, despite platforms like Facebook at Work, so organisations need to modernise their email security.

Whether email is your best friend or your worst enemy, there’s no denying that it’s here to stay.

Almost 25 years since the first ever email attachment was sent, email has become a core means to both communicate and collaborate for the vast majority of businesses.

That’s despite the rising use of cloud-based file sharing services such as Dropbox and Google Docs, which in many cases are actually being used alongside, not in place of, email services.

Research from The Radicati Group actually suggests that email use will continue to grow at a healthy pace, with estimates that 246 billion emails will be sent every day by the end of 2019.

Email is a top threat vector

As with any popular technology, where the crowds flock, so do those hoping to profit.

While email has become one of the most widely-embraced methods to communicate, cyber attackers have increasingly used it as a primary attack vector.

As long as organisations use email to send and receive files, malicious email attachments will continue to plague corporate inboxes.

In most cases, hackers take advantage of the fact that the majority of busy employees have a ‘click first, think second’ mentality. Unfortunately, this has the potential to lead to enormous damage.

In recent years, the tactics used by hackers to target email accounts have evolved from mass spam campaigns into highly sophisticated spear phishing attacks and emails loaded with ransomware or other forms of malware that aid data theft.

Some research suggests that up to 91% of advanced persistent threats now start with a targeted email attack.

It’s clear then, that organisations need to be certain that the actions they take to protect email accounts can truly keep their users, data and assets safe.

So where to start? Everyone knows that traditional anti-virus software can only go so far, and is especially ineffective against the more sophisticated phishing campaigns.

There are a growing number of incidents that illustrate this view. For example, it certainly didn’t help that in August a public domain antivirus signature provider wrongly categorised Microsoft documents as viruses.

With all legitimate Word documents blocked from transmission, it didn’t take long for vendors to disable the antivirus technology.

The documents could all get through, but so could any malicious attachments that the software would have otherwise blocked.

Of course, enterprising cyber attackers didn’t take long to work out what was happening and the volume of malicious Word documents being transmitted over email exploded.

At the height of the surge, our analytics found that around 80% of all Word documents attached to emails contained malicious code.

It’s certainly a sobering example of how criminals are fast to adapt and respond to changes in the security industry.

The example also serves to highlight the need for multiple layers of protection. In this case, non-signature-based defences would have been absolutely essential to keep the malicious docs out of employee inboxes.

When employees are opening up hundreds of emails each and every day, email security is no mean feat.

That said, a multi-layered approach to protection, covering processes, people and advanced technologies can put businesses in a strong position in the fight against email-borne threats.

Keep your IT up-to-date and keep a watchful eye on it

Keeping versions current may seem an obvious security practice, but it’s worth highlighting just how essential it is to install the latest versions of operating systems, applications and email platforms.

Vendors regularly release security patches that can help reduce exposure to some attacks, so keeping the entire IT infrastructure up-to-date is a straightforward and cost-effective (free!) way to boost email security.

Minimising the fallout of a potential malware attack is of course a priority.

From a process standpoint, this means ensuring that IT teams have full visibility of any identified malware activity, so that infected users can be automatically quarantined.

This should help to prevent malware from spreading within the network, or creating unwanted communications to the outside world.

Limit exposure with employee training and access controls

Employees represent a business’s first line of defence against email threats, so they have a big responsibility to help protect data and keep the company secure.

Most of the time, individuals are simply too busy or too ignorant of the consequences to consider for more than a second or two whether they should open a questionable email or attachment.

The hackers are making it even harder for security teams because they know that at the beginning or the end of the day, when people want to get stuff done or get out the door, they are more likely to be fooled by an email attack.

For this reason, there are often spikes of malicious activity early in the day or late in the afternoon.

Cyber training needs to be an ongoing endeavour that engages employees and regularly updates them on the latest threats and tactics used.

Access controls can help to limit the impact that a compromised account can have on the business.

If an employee’s credentials or device are infected, the damage a hacker can cause is limited to the files or information that those credentials or that device can access.

Making sure that employees can only access the information that is essential to their role is key, because stopping a data breach starts with preventing data collection.

Ensure you have suitable technologies in place

Email scanning is a good place to start when looking at email threat prevention. Attachments need to be scanned before they are opened so that all files and URLs are analysed.

Sandboxing is one such technical control that should be used for this as it can provide a powerful additional line of defence.

Ideally, all emails will be scanned in real-time and any that appear suspicious will be automatically sent for further analysis in the sandbox environment.

Cloud-based sandbox environments are the most popular, as this is the only way to fully guarantee that even sophisticated malware cannot touch digital assets, as only safe files will be forwarded to users.

Make email defence a multi-layered affair

Regardless of size or type of business, if employees are using email, it goes without saying that they will be targeted by email-based threats.

Dealing with these threats means going beyond traditional antivirus or intrusion prevention systems, with multiple layers of defence.

This means keeping the IT infrastructure up-to-date, monitoring activity on the network and containing any compromised accounts.

This means more stringent access controls and more engaging, proactive employee training.

And finally, this means more advanced threat detection technologies that can both spot targeted attacks and detect and extract malware before it even enters the company network.


Sourced by Wieland Alge, VP & GM EMEA at Barracuda Networks

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...