Among all kinds of cyber threats that exist in this landscape, email threats have been the most stubborn and long-lasting kind. They have been here for ages and are not going away anytime soon.
Keeping up with this prediction, The National News, in an article published on 21st April 2021, revealed that email threats grew 64% in 2020. The article attributes this rise to the shift to remote working culture.
The article mentions that the clicking rate of employees on malicious links has gone up by three times as compared to that before the pandemic.
The article is based on a report from a survey conducted on a bunch of companies with 250-500 employees. The report mentions that the number of ransomware attacks rose in the year 2020, majorly due to the remote working culture.
In numbers, talking globally, 61% of the surveyed companies were victims of ransomware attacks in 2020. Out of this, half (almost 52%) paid the ransom, but only 67% of those who paid the ransom could recover their data.
In the United Arab Emirates, 78% of the companies surveyed said they were affected by ransomware attacks last year. About 43% of the ransomware victims in the UAE also admitted to paying the ransom, but only 44% of those were able to recover their data.
The article goes on to say that 71% of the businesses surveyed globally are also tensed about the safety of their archived business record of conversations. This includes conversations held while working remotely, using tools such as Slack or Teams.
Nearly 70% of the surveyed respondents believe that weak passwords used by employees are putting their organizations at risk. Moreover, 50% of the organizations surveyed in the UAE consider employees’ negligence to be one of their most exploitable vulnerabilities.
Discussing the Elephant in the Room: Outbound Email Security
Email threats originate from spoofed email domains or compromised legitimate email accounts. Majority of the organizations scan and screen incoming emails. However, outbound email security is an issue often ignored by companies. This can be exemplified by a recent revelation in an article published by Gulf News.
The article mentioned that only around 69% of the Forbes ‘Top 100 Middle East Companies’ have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place. Put simply, almost 31% of these organizations are leaving their clientele and partners at risk of email fraud.
It further reveals that only 24% of the Top 100 Middle East Companies have a ‘reject’ policy in place for emails that fail DMARC authentication. This means that a large majority that is 76% are not proactively blocking fraudulent emails from reaching legitimate recipients i.e clients and partners.
Quoting a statistic from the research mentioned in the article, it states that 15% of the organizations in UAE suffered phishing attacks in 2019. An additional 15% were victims of business email compromise attacks. All of this makes it pretty clear that emails will continue to be the preferred delivery mechanism of cyber attacks for threat actors.
Prevention Against Email Threats
Securing against email threats needs a multipronged approach. For an organization, it is essential that both aspects of email security are covered i.e securing the employees against incoming email threats and securing the organization’s email domain against misuse. In line with this, the following measures prove to be effective:
- Security Awareness: Security awareness proves to be a game-changer for organizations with regard to cyber attacks that originate from employee negligence. Security awareness tools can be very helpful in generating awareness and imparting knowledge about the current cyber security threats and trends.
- Using Multi-Factor Authentication (MFA): MFA is one method to add an extra layer of security for your accounts. It acts as a double verification measure for checking the legitimacy of the identity of the person trying to access the account. SMS/Email Token Authentication can be used for this purpose.
- Double Checking: The habit of double-checking the domain of the email sender and the destination of the link in the email by hovering over it should be inculcated in the organization. As threat actors often use a sense of urgency in their phishing emails, this habit can go a long way in saving the organization from cyber attacks.
Outbound Email Security: Outbound email security can be ensured by using email domain security tools like KDMARC. It allows the user to set up the DMARC record easily and put in place a consistent policy for emails that fail DMARC authentication. An organization can easily increase its email deliverability and engagement rate using KDMARC. Since only legitimate emails will be landing in their intended recipients’ inbox. This in turn can save an otherwise big loss of reputation and business due to email spoofing that the organization can be subjected to.
Email threats, as predicted, are only going to increase as remote working culture holds a firm grip over global businesses. It is therefore imperative for organizations to secure their remotely working workforce while minimizing their losses to email-based cyber attacks.
We’d love to hear from you about your views on the changing cyber threat landscape. Drop your comments below.
Click the button below to secure your email domain against spoofing for FREE with KDMARC!