What Are the Major Security Threats That Can Be Expected Through an Email?
16.02.2023
Back to blog listTypical email risks and how to counter them
Email risks are often neglected. Sometimes users pay much more attention to some other security threats and this is one of the prerequisite which leads to underestimation of email related risks.
However, Email is still considered the riskiest channel for data loss. It’s accounting for 65% of data losses. For example, according to the research by Tessian and the Ponemon Institute nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
Basically, email security threats are divided into three large categories:
• Malware distribution
• Domain spoofing
• Phishing
Malware distribution
If intruders use this technique, they add malware attachments to letters.
One prerequisite why email services are so popular for malware distribution is because it is very useful in terms of distribution. A single user's compromised email account can be used once more to redistribute the ransomware to other accounts inside and outside the victim's organization.
Ther is a technique, which helps to mitigate the corresponding risks from such attacks is to limit emails to plain text messages without attachments. But, indisputably, it is quite difficult to implement in practice; email services are actively used for sharing and transmitting various types of content. The second useful technique, which is indisputably beneficial in any relation is to permanently educate employees and strengthen their competencies in information security related issues. This is a complex issue, which requires educational courses, occasional simulation attacks etc. But you may start to implement this approach by referring to an article in our blog, devoted to the topic of concept of corporate information security.
Domain spoofing
This technique is used for tricking users in order to make him/her believe that, an email or a phishing site is legitimate, however, it is not. Intruders fake a website name or email domain and thus manage to trick users.
Phishing
Phishing is an extremely popular technique. According to some assessments, up to 90% of cyber-attacks start with phishing. Thus, this ever-lasting security threat shouldn’t be neglected. There are numerous types of phishing existing. However, the main aim of phishing attacks to make users take some action, which intruders want victim to take.
In order to persuade a victim to commit some malicious action intruders often implement social engineering techniques. They are often aimed at stealing users’ credentials or infecting users' systems with ransomware. For instance, victims are made to click on a malicious link or to name their credentials.
In order to counter this security threat, it is important to train employees and help them to detect phishing attacks. What’s more, specific protective software can help to mitigate the phishing threat. We have also added specific functionality for detecting phishing to our DLP system. You may refer to this article to find out how it works.