Email is everywhere.

Over 300 billion emails are sent and received every day worldwide, with the average office worker receiving 121 emails daily. This offers a huge potential attack surface for cyber threat actors to exploit.

Fortunately, the most common secure email gateways such as Microsoft 365 do come with some of their own native protections built in. Microsoft Defender, Office 365’s native security gateway, offers basic spam filtering and attachment scanning to keep easily detectable email threats from reaching your mailboxes. However, even Microsoft recommend that users deploy third-party email protection in addition to their Defender service for total email security.

 

Why do attackers prefer email?

Email offers a clear route of access behind a company's defences, by giving attackers direct contact with individuals. The human layer is often the weakest point of an organisation’s defensive measures - relying on staff to have good and up-to-date cyber security knowledge, as well as requiring constant presence of mind.

 

If a cyber threat actor crafts a well-optimised email message, one small error by a user can cause dramatic outcomes for the affected business. Knowing this, cyber threat actors have become much more proficient with social engineering techniques in order to manipulate their intended targets into divulging private information or login details.

 

83% of businesses in the UK have identified a phishing attack in the last 12 months, followed to a much lesser extent by impersonation and other malware. These attacks can be much more difficult for secure email gateways to detect and defend against, as they leverage human vulnerabilities rather than cyber weaknesses.

 

Among these socially-charged methods of email attack is email spoofing, where an attacker forges a sending address to pretend to be someone else. Spoofed messages can quickly and easily slip past unsuspecting users, who might then respond with confidential information or login details, helping the cyber attackers progress further towards their end goals.

As threat actors continue to develop these insidious methods of infiltrating organisations and attacking them from within, it’s imperative that businesses continually test their resiliency and vulnerability against these attacks. One method of improving an organisation’s human layer security is to enforce security awareness training for staff.

 

Another benefit of email for cyber threat actors is the ease of automation that it offers as an attack vector. Emails can be mass produced and sent to targets in bulk for little-to-no cost and with minimal human intervention. This allows cyber criminals to commence large scale email-based attacks effortlessly.

 

Yet it isn’t only cyber threat actors who can cause email-borne security breaches. Outbound mail from staff is a highly dangerous vector for data breaches: an employee can send an email from their business account containing sensitive information in the text or in a mis-attached file.

In the wrong hands, outbound messages like these can throw the door open for cyber attackers to enter a company’s IT system. In fact, 97% of IT leaders reported that the risk of insiders causing data breaches was a significant concern for their organisation.

 

It’s clear that email provides a wealth of opportunities for cyber threat actors to take advantage of – using both inbound & outbound messages – but there are measures that can protect businesses against email attacks.

Defence Against Email Threats

The Barracuda Total Email Protection stack is a comprehensive SaaS solution for businesses to protect their company mailboxes. It offers behavioural analysis powered by A.I., inbound & outbound mail scanning, and staff awareness training.

 

The Total Email Protection service takes a multi-layered approach to email security, by stacking multiple protective filters over a company’s mailboxes to vastly reduce their email gateway’s attack surface and to eliminate threat vectors.

 

A.I. behavioural analysis also counters outbound data breaches. It scans email environments and recognises patterns of behaviour for each email user in the organisation, and uses this information to detect anomalies or unusual behaviour in emails that might indicate a compromised account or potential data leak.

In addition, the Barracuda Total Email Protection stack includes staff security awareness training – a crucial component of comprehensive email security. There’s no doubt that human error is one of the biggest vulnerabilities for most businesses today, and high-quality staff training is key to reducing risk across a company’s email landscape.