Risk Management
Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 137.6% growth in phishing attacks blocked and detected in 2021. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk.
Phishing attacks continue to ramp up – data from Trend Micro Cloud App Security Threat Report 2021 shows a startling 137.6% growth in phishing from 2020. It’s no wonder that an Osterman Research report found respondents to be “concerned” or “extremely concerned” about phishing attacks and their employees being unable to spot them before accessing a malicious email attachments or links.
Understandably, it's becoming increasingly difficult for employees to discern phishing given its many forms. No longer just a Nigerian Prince looking to share his wealth, now phishing has branched into six different forms that include text messages and phone calls.
Organisations understand the importance of protecting sensitive information and avoiding a data breach. However, security teams are struggling to contain phishing attacks. Security risks increase due to the inability to view and successfully filter email threats, accurately differentiate between marketing and phishing emails, and apply a multi-layered email security approach with rules to holistically track traffic and stop malicious actions in real life.
This article explores email security best practices to defend against phishing attacks to reduce cyber risk.
Phishing attack trends
Cybercriminals are always evolving their tactics to stay one step ahead of their victims. Here are a few recent changes:
1. Advanced social engineering: Previously, bad grammar and poor sentence structure made it easy for employees to identify a phishing messages. But cybercriminals have since evolved to using logos and studying the voice and tone of their target to mimic. Cybercriminals will also use social media to research how senior executives write, speak, or how their hierarchy is structed in order to infiltrate an organisation.
2. Multiple phishing forms used in tandem: Cybercriminals want to create a sense of urgency to prompt victims to act quickly. To do this, they’ve turned to doubling or tripling-up on phishing techniques. The National Cyber Security Center reported several incidents where multiple phishing techniques were used, such as sending a whaling email followed up by a phone call (vishing) to quickly establish trust and confirm the request.
3. Hijacking an existing thread: Malicious actors can compromise an existing email thread to appear legitimate. Most of us expect a scam email to be a standalone; inserting an urgent wire transfer request in an email chain will be less likely to raise suspicion than a one-off message.
Email security best practices: a layered approach
Strengthening your email security won’t just reduce the financial impact, it can also help you obtain or renew cyber insurance coverage. Questions like “Do you pre-screen emails for potentially malicious attachments and links?” and “Do you have the capability to automatically detonate and evaluate email attachments in a sandbox to determine if they are malicious prior to the delivery to the end-user?” appear on cyber insurance applications. And if you answer no, you could be immediately denied without a chance to reapply.
While native email security is a good start, it simply isn’t enough to protect your business. In 2021, Trend Micro detected and blocked over 33 million malicious emails that slipped past native defences.
How does a layered security approach work? We’ve broken it down into four steps to demonstrate how multiple security capabilities and technologies work to thwart phishing attacks:
1. Email gateway
When an email first comes into the company, it should be inspected by an email gateway. Traditional email security may only provide basic email filtering and protection. Look to use the latest threat defences like AI, ML, and behavioural analysis within a single dashboard to reduce manual tasks for overstretched security teams. Capabilities like authorship analysis compares a suspected impersonation to an AI model of a high-profile user’s writing style. This establishes a baseline to flag anomalies for security teams to further investigate.
2. Cloud app security
Cloud Application Security Broker (CASB) technology ensures that if an email does make it into the inbox and is later deemed malicious with new intelligence or by performing more analysis on the links/attachments contained, it can be extracted from mailboxes. The right CASB solution will be able to scan emails between peers to prevent compromised accounts from sending phishing messaging to other employees.
3. Educate your users
Simply deploying an Acceptable Use Policy (AUP) is too restrictive and will impact productivity. You also run the risk of employees finding creative ways around it to get work done, which creates more security risk by unknowingly expanding the attack surface. Embedding notifications at the top of emails that flag the source as external help employees look at it with a more sceptical eye.
Run phishing simulations to test employee awareness and vigilance. Some cybersecurity vendors will offer security awareness products with their email security solution. Trend Micro™ Phish Insight offers customisable training programs to educate users on the most prevalent and recent threats. You can put their knowledge to the test by running automated and realistic simulations using templates extracted from real phishing scams.
4. Secure web gateway (SWG)
SWG sits between the end users and the internet, inspecting traffic inline across multiple security techniques, including TLS/SSL.
If a user does click a malicious link, SWG technology will perform image analysis and use machine learning to analyse branded elements, login forms, and other site content to recognise fake websites while reducing false positives. Also, with an Acceptable Use Policy (AUP) in place, risk can be further limited by disabling access to unsanctioned apps requiring users to input sensitive personal information.
Integration with a broader platform
Instead of deploying a disparate security solutions, look for an offering that is part of a unified cybersecurity platform backed by broad third-party integrations and extended detection and response (XDR) capabilities.
XDR collects and correlates email activity data as well as geo-location, time and access information, plus other behaviour indicators to build a user profile. Thus, if a deviation is detected, it is flagged for further investigation. Correlating data also helps to shrink the attack surface exposure and reduce the likelihood of a breach.
Next steps
For more information on phishing and other email cyberattacks, check out the following resources: