2019 sees the end of the latest decade, with 2020 ushering in a new one. These last ten years have been the decade in which technology improved to keep pace with the dangers of email phishing. Only 8 years ago, spam filters and anti-virus were the standard email security protections. Once hackers figured out how to bypass these tools, secure email gateways (SEGs) were introduced and became the most common phishing prevention tool.
However, with hackers continuing to evolve ransomware attacks and phishing email threats to bypass security through emails that mimic everything, from famous brands to influential individuals, more must be done to protect businesses in 2020 from the ever-growing threat landscape.
The Email Security Debate
The email industry is in a state of debate over what technology, standards and protocols will deliver the most protection for users and reduce risks. Considering that cyber attacks cost UK businesses $370bn in 2018, it’s surprising there’s such a heated debate between security professionals.
For most of the industry, the usual arguments are:
- Good email security solutions require the use of two-factor authentication
- Use of DMARC is essential
- Mandatory security awareness training on phishing emails for all businesses
- All email messages should be encrypted
- Automated incident response
While these issues are part of solving the problem of email security, it’s only through the combination of humans and machines working together that the solution will be found. According to PhishMe research, 91% of cyber attacks are caused by a phishing email attack. The tactic works because people still continue to fall for it.
2020 Email Solutions
Despite improvements, organisations are losing the battle against phishers because solutions fail to address the bigger picture of email security. So how can a business properly secure itself in 2020? Here are the essentials:
1. Advanced Malware and Phishing Protection
Continuously inspect every inbound link and attachment for visual changes in real time, and determine whether or not a user login page is legitimate. This will allow a business to automatically block access to malicious URLs.
2. Mailbox Threat Detection
Work with advanced detections to pinpoint sender impersonations, spoofing and BEC (business email compromise) that can bypass security measures.
3. Human-Centric Phishing Detection
Technical detection isn’t enough, because email phishing is still a human and machine problem that requires a combined human-machine solution.
4. Post-Email Delivery Response
The time from discovering attacks to responding to them is vital. Any email security solution must provide all end users with automated incident response and remediation across all infected mailboxes.
5. Decentralised Actionable Crowd Sourced Intelligence
Share your information with a platform that is actionable through automation, which empowers organisations to prepare for current email phishing attacks.
6. Closed Feedback Loop
An organisation can orchestrate threat intelligence, including technical and non-technical controls, into a continuous feedback loop, which is instrumental in stopping phishing emails from going undetected.
7. Email Archiving
Decision makers are seeing more value in email archiving than just complying with industry regulations and GDPR. All emails saved in the archive will be tamper-proof and ready to be restored in the event of a cyber attack. The costs saved from reducing your email storage budget can then be used to invest in sophisticated cyber security.