It’s hard to imagine businesses without email. Almost 281 billion emails were exchanged daily in 2018, and this figure is set to increase to over 347 billion by 2022. Email has seeped into our daily lives, with mobile accounting for 43% of email opens as reported in December 2018.
Around since the early 70s, email has become the largest form of communication. No one could have predicted how quickly its use would accelerate or how instrumental it would become. Yet one thing is for certain: email threats continue to disrupt businesses and services.
Email is now the leading vector of choice for threat actors to initiate advanced attacks due to its ease of use and accessibility. But it is particularly popular among cybercriminals because organisations are hindered by their failure to implement sufficient security measures or adapt quickly enough to the agility and sophistication of threats.
Whereas previous attacks were distributed in masses, recent attacks have become more sophisticated, focusing on high profile individuals. In these attacks, cybercriminals personalise emails using social engineering techniques and emerging technologies to appear legitimate. Their ultimate aim is to convince individuals to open malicious links or attachments so they can retrieve funds or sensitive data.
Social engineering attacks cost businesses in the US alone a collective $2.6 b and a global $600 billion, so for some cybercriminals this activity is too lucrative to pass up. Given today’s easy digital access and multiple platforms, it is easier than ever for cybercriminals to leverage and access the right information to penetrate enterprise security.
As threats refuse to subside and email use continues to rise, we’re looking back at email-borne threats, discovering where, when and how it all went wrong and what to expect in the near future.
When did people start caring about network security? The late 80s experienced one of the first cyber breaches – the Morris Internet Worm, engineered by graduate Robert Morris. To his credit, Morris was not entirely sure of the effect his experiment would have. But once it was released, the Morris Worm brought internet servers to a standstill, and it forced organisations to take security more seriously as a result. Consequently, an increase in the internet security profession also occurred. After the exposure of numerous vulnerabilities digital technology and internet use possessed, organisations were now aware and cautious. They realised that not everything shared over the internet is safe or private.
Modern businesses are entirely reliant on internet use due to its advantages of instant access to information and communication. As malware, worms and trojans erupted throughout the nineties and noughties, antivirus programs and other security programs were firmly introduced. Yet shortfalls remain to this day, with cybercriminals continuing to prey on and expose susceptibilities in enterprise security solutions.
The infamous WannaCry ransomware attack in 2017 is the most notable example of cybercrime in recent times. Spread through file attachments in emails, it exploited those who had not installed a security update in Windows. The WannaCry attack illustrated both how much we have learnt and still need to learn in mitigating risk and reducing exposure to potential attacks.
What has happened now is a complete shift in attitude. Organisations recognize that more needs to be done. They are now deploying different solutions, engaging employees with training and simulated attacks, and organisations are also implementing a cultural shift in email security.
What can we expect in the future? Social engineering attacks are a growing threat. Luckily, organisations are in the age of enlightenment, realising that more needs to be done to protect against future attacks. As cybercriminals become sophisticated in their approaches, so do organisations in extending their capabilities and security methods.
So how can you adapt? Whilst secure gateways are still required as a first line of defence, cybersecurity needs to extend beyond this to enable greater protection. AI integration facilitates this, using data to identify trends and patterns, ultimately predicting future criminal activity. Automating reports and giving access to insights, and identifying high risk individuals. Adding end user security awareness training as another layer of defence has the potential to limit the ability for cybercriminals to breach enterprise security.
It’s clear something must be done to better secure inboxes. Contrary to popular belief, and despite the introduction of many forms of communication, email remains the leading choice of communication within business. Spanning four decades, it is in its prime and is continually regarded as one of the most powerful marketing tools, and the most effective way to convert and capture leads. Its use will not diminish soon. What organisations can do is ensure they implement agile solutions, evolving at the same speed as attacks. This will ensure they are prepared for threats, deploying multi-layered solutions that prevent email penetration.