If there is any solution that is a constant across businesses, it would have to be the use of email. This also means that the risk of threats coming in through an email solution is also present in businesses of every shape and size. How is this shaping our approach to security now, and how will this shift in the future?
A Prevalent Threat, Now and Tomorrow
While messaging applications and other forms of communication are largely phasing email out where personal use is concerned, it is alive and well in the business world. Yet, while it makes for a very useful tool, it can also make organizations vulnerable. Email has been repeatedly identified as the initial touchpoint for 90 percent of security breaches (96 percent according to the 2018 Verizon Data Breaches Investigation Report), yet a survey conducted by email security firm GreatHorn showed that this isn’t being communicated between IT security professionals and users.
The results of this study effectively demonstrated that a full 66 percent of those interviewed for the study saw spam and junk messages, as the biggest threat facing them, but if the responses from the security professionals were isolated, that number drops to lower than 16 percent. This means that approximately 85 percent of security professionals see other factors as larger threats to an email user, while most users assume spam is the worst thing that their inbox will see.
This discrepancy only becomes more disconcerting when the variety of attacks that leverage email in some way is considered. Sure, there’s spam to contend with, but there’s also the propensity that email has to deliver malware, along with the human vulnerability to social engineering and phishing. Some attackers prefer to “join” their targeted company, using business email compromise and spoofing to benefit financially at the company’s expense.
Another concerning statistic to consider: the average professional’s work email open rate is 100 percent. This means that all of those users will not only be blind to threats that don’t look like spam, they are effectively guaranteed to open these messages as well. From there, it isn’t too much of a stretch to think that they might click on a link they shouldn’t, or open a potentially malicious attachment.
How Companies are Securing Themselves
Naturally, firewalls and yes, spam filters, will always be useful in stripping your company’s inboxes of some threats. However, other threats need a different approach to be taken. This has resulted in a few different circumstances.
First, security companies have needed to add extra value to their services in order to stand out from their competition, because if everyone is offering the same antivirus and spam protections as they are, how are they going to attract business without gouging their own prices? Instead of crippling their own profits, these providers have elected to compete by outshining one another with added features. As a result, innovation is accelerated to the benefit of their client--or in this case, you--and we now have enterprise security solutions, which take a centralized approach to network security.
Secondly, the vast majority of email threats require one thing in order to work: human activity. Without you or your employee taking some action, whether it is clicking some inadvisable link or unwisely handing over remote access, many threats can’t materialize into more than just that: a threat. To combat this, you need to promote security awareness at every level of your company - and practice what you preach.
Fighting Email Threats with XFER
If yours is anything like the average business, you and your staff rely on email for a fair percentage of your internal and external communications. Unfortunately, this makes you just as much of a target as any other business as well. In order to continue doing business securely, you need to have both an appreciation of the risks of email in your company culture, and the security solutions in place to prevent threatening emails from becoming an insurmountable problem.
XFER is here to help. We offer a Unified Threat Management tool, providing that centralized network security that is so crucial. Reach out to us for more information on what this solution includes, and how else we can benefit your business operations.