For hackers, it’s a numbers game. Three billion phishing emails are sent every day, but all they need is for one of them to find a willing victim and do damage to your network.
If you leave email security up to users, you’re in a world of trouble.
A study by a Stanford University professor revealed that 88% of data breach incidents are caused by employee mistakes.
As threat actors have become more sophisticated in their methods, it’s becoming even harder for employees to distinguish between what’s legitimate and what’s a phishing attempt. Workers cited several reasons for falling victim to the scam. The top three were:
- Users perceived the email to be legitimate.
- An email appeared to come from a well-known brand.
- An email appeared to come from a senior company executive.
This study mirrors the 2021 Data Breach Investigations Report (DBIR) from Verizon, which found that 85% of breaches involved a human element.
Employees are focused on their job and are trying to get things done quickly. It’s too easy to see something pop up and make a fast decision without taking the time to ensure its validity. The risk has become even greater with the emergence of remote workers. Workers say they have even more distractions when working at home and are even more likely to make mistakes.
Training and Education Are Not Enough
While many companies do training and run phishing simulations, they haven’t stopped employees from falling victim. One company ran scenario-based simulations, sending employees various phishing emails randomly over time. When users clicked on them or provided credentials, the company let them know this was a test and provided additional information about how to protect themselves from phishing attempts. Yet employees continued to fall for phishing emails multiple times.
Training and education are simply not enough to protect yourself. In fact, they can actually have a negative effect if not done properly. Simulations and training can work against companies by making employees feel they were trained to tell the difference between a legitimate and illegitimate email. In some test cases, employees completing training courses became even more susceptible to phishing.
The results are clear. The best way to defend your organization against email security threats is to prevent them from ever reaching an employee’s inbox.
SecurityGateway™ for Email Servers
Secure email gateways help prevent threats from reaching your users. Whether you’re hosting your own email server or using cloud email such as Office 365 or G-Suite, a secure email gateway can protect your business from spam, viruses, malware, ransomware, denial of service attacks, and phishing attempts hidden in email.
By scanning all incoming and outgoing emails, including attachments, for signs of malicious, harmful, or fraudulent content, email gateways can reject or quarantine potentially dangerous emails. Email gateways check the domains of incoming emails to verify their authenticity and scan the content within the email.
Email security gateways also scan outgoing content to help protect businesses from data leaks or inadvertent release of sensitive information.
SecurityGateway for Email Servers from MDaemon Technologies, for example, performs several security tests on emails to block threats from reaching employees. Each test evaluates emails in a variety of ways.
Antispam filters score every email message and allow third-party validation of a sender’s trustworthiness. The software looks for both known spammers and keywords, phrases, and syntax that are commonly found in spam and phishing emails. In addition to DNS and URI blacklists, it uses greylisting, which delays inbound mail from unknown senders. If the email is legitimate, the originating server will resend it. Spammers typically just move on to another potential victim.
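The greylisting behavior described above can be sketched as follows. This is an added example, not SecurityGateway code; the class name, the timing constants, and the choice to key on the client network rather than the exact IP are assumptions made for illustration.

```python
import ipaddress

MIN_DELAY = 300        # assumed: seconds before a retry is accepted
MAX_AGE = 4 * 3600     # assumed: pending entry expires without a retry
PASS_TTL = 30 * 86400  # assumed: how long a proven triplet stays trusted

class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time of first attempt
        self.passed = {}   # triplet -> time of last accepted delivery

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        # Match on the client's network (/24 or /64) so a retry from another
        # host in the same outbound pool is still recognised.
        prefix = 24 if ipaddress.ip_address(client_ip).version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for RCPT TO: 250 accept, 451 defer."""
        k = self.key(client_ip, mail_from, rcpt_to)
        if k in self.passed and now - self.passed[k] <= PASS_TTL:
            self.passed[k] = now
            return 250
        first = self.pending.get(k)
        if first is None or now - first > MAX_AGE:
            self.pending[k] = now  # unknown or expired: start the clock
            return 451
        if now - first < MIN_DELAY:
            return 451             # retried too soon, keep deferring
        del self.pending[k]
        self.passed[k] = now
        return 250

def demo():
    # Constructed session: documentation addresses, times in seconds.
    g = Greylist()
    msg = ("alice@example.org", "bob@example.com")
    return [g.check("192.0.2.10", *msg, now=0),     # first contact
            g.check("192.0.2.10", *msg, now=60),    # impatient retry
            g.check("192.0.2.77", *msg, now=900),   # proper retry, sibling host
            g.check("192.0.2.10", *msg, now=1000)]  # now known
```

A sender that never retries stays in `pending` until it expires, which is why the delay costs legitimate servers a few minutes and costs fire-and-forget spam senders the delivery.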
Real-time anti-virus protection checks emails for potential threats. By comparing emails with billions of email messages sampled daily, incoming emails are scanned for patterns that indicate malicious intent. Threat signatures are updated automatically to help detect and mitigate known threats.
Zero-hour virus outbreak protection can proactively protect your email infrastructure automatically when new threat outbreaks are discovered.
The secure email gateway also verifies senders’ addresses to uncover forgeries. Callback verification is used to validate the legitimacy of the sender before a message is accepted. Reverse lookups are employed to tag or refuse forged emails.
Additional measures to authenticate email and validate the message sender are also used to minimize spam and forgeries, including:
- DomainKeys Identified Mail (DKIM) uses digital fingerprints to identify possible tampering.
- Sender Policy Framework (SPF) verifies that email claiming to be from a domain originated from mail hosts that are authorized to send mail for the domain.
- Domain-Based Message Authentication, Reporting and Conformance (DMARC) provides guidance on what to do with messages that fail SPF or DKIM authentication, such as reject or quarantine. It also allows domain administrators to receive reports listing other detected servers that have been used to send mail for their domain.
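How the three mechanisms combine into one decision is shown in the added example below, which is not SecurityGateway code. It assumes SPF and DKIM results were already computed upstream, approximates the organizational domain as the last two labels (a real implementation uses the Public Suffix List), and ignores the `sp` and `pct` tags; all function names are hypothetical.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not valid."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: last two labels. Wrong for suffixes such as co.uk.
    return ".".join(domain.split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    # "s" = strict (exact match); anything else = relaxed (same org domain).
    return a == f if mode.lower() == "s" else org_domain(a) == org_domain(f)

def dmarc_disposition(from_domain, record, spf, dkim):
    """spf = (result, MAIL FROM domain); dkim = list of (result, d= domain)."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for res, d in dkim)
    if spf_ok or dkim_ok:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine",
            "reject": "reject"}[tags["p"].lower()]

def demo():
    # Constructed cases; example.com is the visible From: domain throughout.
    strict = "v=DMARC1; p=reject; adkim=s; aspf=s"
    return [
        # Authenticated, but only for an unrelated domain: fails alignment.
        dmarc_disposition("example.com", strict,
                          ("pass", "example.net"), [("pass", "example.net")]),
        # SPF domain is a subdomain (fails strict); exact DKIM d= passes.
        dmarc_disposition("example.com", strict,
                          ("pass", "mail.example.com"), [("pass", "example.com")]),
        # p=none only monitors, so a failing message is still delivered.
        dmarc_disposition("example.com", "v=DMARC1; p=none",
                          ("fail", "example.com"), []),
    ]
```

The first case is the one that matters for brand impersonation: SPF and DKIM both pass, yet the message is rejected because neither authenticated domain matches the address the recipient sees.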
Additional authentication also prevents unauthorized access using anti-abuse tactics such as:
- Relay control to ensure that external domains cannot use your infrastructure to send spam
- IP shielding for email acceptance based on pre-defined domain/IP pairs
- Location screening to block incoming SMTP or remote administration connections from unauthorized countries
- Dynamic Screening and DDoS protection to block suspicious activity
- Tarpitting to deter spammers from abusing your server by slowing down sessions after a specified number of recipients (RCPT commands) have been detected in an incoming connection
Inbound and outbound threats are identified for blocking or quarantining suspicious emails. Content filtering rules with multiple search strings can be defined to search emails for keywords or other content that may indicate threats. These content filters can automatically take actions based on the results, such as rejecting the message, adding points to the message's spam score, or quarantining it for administrative review.
Content filters are also applied to attachments such as video files, images, or executable files to scan for malicious activity. They can even detect Microsoft Office documents containing potentially malicious macros and send them to the administrative quarantine for review.
Known email abusers are automatically blocked using address matching, IP blacklists, and host matching. Conversely, authorized users are automatically sent through when whitelisted.
Internal Threat Detection and Prevention
Policy rules, encryption, and automatic secure redirects can help protect sensitive company data from intentional or inadvertent data leaks. Data is automatically sent over an encrypted connection using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), and HTTP requests can be automatically redirected to HTTPS for encrypted access to the SecurityGateway interface. Administrators can set up policies that detect sensitive data and prevent it from being sent outside of your network. Scripts using the Sieve email filtering language can be used to create advanced content filtering rules for industry or business-specific data.
Protecting Your Network Against Your Biggest Security Threat
A secure email gateway provides significant protection against malicious messages. This prevents the overwhelming majority of phishing emails, dangerous links, and attachments from ever hitting your employees’ mailboxes, and provides protection against the biggest threat to your network: mistakes by your employees.
As threat actors use increasingly sophisticated attacks, a secure email gateway is an essential part of your overall network security strategy.
Learn more about how SecurityGateway for Email Servers from MDaemon Technologies can help secure your business.