Defending against complex email attacks

Cyber attacks are on the rise during the COVID pandemic. This article discusses those threats and methods that can be employed to defend against complex email attacks.

Business email compromise and social engineering are now commonplace email-borne cybercrime threats, and we have witnessed the use of these methods increase significantly in 2020 during the COVID pandemic. What we now see with this type of threat is a constant evolution in how the attacks are carried out, which ultimately means they become increasingly complex and difficult to detect because there is no easily identifiable or consistent signature.

Email volumes and email threat increases

Every day the average computer-using worker receives and sends around 120 emails, and it is estimated that the same average worker is targeted with approximately 20 malicious emails per month. This directly correlates to the 91% of all cyber-attacks that start with an email.

The recent upsurge in ransomware strikes against UK Public Sector organisations has shown just how complex and devastating these attacks can be. It is no coincidence that schools, colleges and universities were targeted at the start of the academic year, with attacks timed to cause maximum disruption in an attempt to increase the chances of success and ultimately the amounts of ransom paid out. Some institutions were left paralysed, with staff and student systems offline for over two weeks.

Threats appear legitimate

Many targeted email attacks contain no obvious malicious element and instead rely on methods that appear legitimate. The use of established and credible email and cloud services by cyber criminals is becoming frequent practice, and as a consequence some gateway email security solutions cannot identify the threat they present.

It is fair to conclude that the damage associated with complex email attacks such as spear-phishing, business email compromise and ransomware is going to get worse without investment in more capable solutions that can effectively defend against them.

Using Evolving Technology, Training & Threat Intelligence when defending against complex email attacks

Because email threats are constantly evolving, a solution that can evolve just as quickly and effectively is needed. Traditional perimeter email security still provides a capable defence against spam, malware and data exfiltration. It is therefore sensible to deploy an additional layer of email defence alongside it, with an artificially intelligent component that can recognise and eliminate the evolved and highly targeted attacks that cannot be dealt with at the gateway. The AI element will learn from your existing mail systems and user mailbox content and combine this with each user's behavioural patterns to help identify malicious emails that would otherwise bypass gateway security.

User vigilance and education also need to be improved. Many organisations do not undertake adequate training for their end users, who as a result cannot properly identify email-based threats and subsequently fall for attacks by acting on email content without thinking about the potential for damage. There is potential to solve this issue by subjecting users to simulated phishing attacks that highlight where users need additional help and training.

Assessing Complex Email Attacks

To assess the effectiveness of existing email security it is prudent to carry out an audit of the in-place mail system. An audit will not only identify whether any threats have made it through to user mailboxes; it will also highlight inherent issues with email domain security, which employees are regularly being targeted and are therefore most at risk, and any impersonation of senior staff that would result in compromise and loss of data or financial harm to the business.
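A minimal sketch of two of the audit checks described above, senior-staff impersonation and most-targeted employees, as an added example that is not part of the original article. The staff list, domains and sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: senior staff display names mapped to their genuine addresses.
SENIOR_STAFF = {"jane doe": "jane.doe@example.org"}

# Constructed sample messages (headers only), standing in for an exported mailbox.
SAMPLE_MESSAGES = [
    "From: Jane Doe <jane.doe@example.org>\nTo: finance@example.org\nSubject: Q3 budget\n\n",
    "From: Jane Doe <jdoe.ceo@mail.example.net>\nTo: finance@example.org\nSubject: Urgent payment\n\n",
    "From: \"DOE, Jane\" <jane@freemail.example.com>\nTo: finance@example.org, hr@example.org\nSubject: Gift cards\n\n",
    "From: Supplier <billing@supplier.example.com>\nTo: hr@example.org\nSubject: Invoice\n\n",
]

def normalise(display_name):
    """Lower-case, drop punctuation and sort name parts so 'DOE, Jane' equals 'Jane Doe'."""
    cleaned = "".join(c if c.isalnum() else " " for c in display_name.lower())
    return " ".join(sorted(cleaned.split()))

SENIOR_KEYS = {normalise(name): addr for name, addr in SENIOR_STAFF.items()}

def audit(raw_messages):
    """Return (impersonation findings, Counter of recipients who received them)."""
    findings, targeted = [], Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        name, addr = parseaddr(msg.get("From", ""))
        expected = SENIOR_KEYS.get(normalise(name))
        # Display name matches a senior member of staff but the address is not theirs.
        if expected and addr.lower() != expected:
            findings.append((name, addr.lower(), msg.get("Subject", "")))
            for _, rcpt in getaddresses(msg.get_all("To", [])):
                targeted[rcpt.lower()] += 1
    return findings, targeted

if __name__ == "__main__":
    findings, targeted = audit(SAMPLE_MESSAGES)
    for name, addr, subject in findings:
        print(f"possible impersonation: {name!r} via {addr} ({subject})")
    for rcpt, count in targeted.most_common():
        print(f"{rcpt}: targeted {count} time(s)")
```

A display-name match alone is a triage signal, not a verdict: a senior member of staff writing from a personal account would also be flagged and needs manual review.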

Historical and real-time threat intelligence, whether general or specific to your industry or business, can also be used to reduce the potential for attack. Machine learning threat intelligence provides additional defence against previously unknown threat sources and recent attacks within similar organisations, which in turn can be used to improve security levels and mitigate overall cyber risk.

Layered Solutions for Best Practice when defending against complex email attacks

The steps described above are all best practices that organisations should seriously consider as they adapt and improve their email security defences. Cyber criminals have shown that they know when we are vulnerable and how we can be exploited. Our security teams are often overstretched and sometimes underfunded, and this results in defences that cannot cope. Next-generation multi-layered solutions that address primary threat, user awareness and cyber risk are our best step forward to fight complex email attacks.

Blog written by Howard Johnson, Cyber Practice Lead –
