As 2018 draws to a close we thought it might be worth a look back on the year to see if there’s anything we can learn from email threat intelligence activity for next calendar year. Our review is a frank and ‘matter-of-fact’ and based on our experiences. All the data presented here is what we’ve actually seen in the real world for Australian businesses.
We don’t have an agenda driven by any vendors. And we’re not pushing any products. We’re simply sharing what we’ve seen and sharing some analysis along the way. Hopefully, this report might be able to help you with the direction of your email security.
We’ve seen a steady increase in email activity through 2018. Email volumes are up. The number of attachments emailed is up as is the number of security problems that CIOs boards and IT Managers face.
Over 2018 we’ve seen a shift from malicious attachments in emails to URL-based threats. Our clients have also seen a rise in whaling attacks, or Business Email Compromise scams.
The engagements we’ve had with our clients and the detailed conversations we’ve had with our vendors and suppliers still suggest that security should be concern for all businesses.
We can also say with a level of confidence that security is still perceived as ‘expensive’ and an disruption to staff across the board.
Overall Email Trends
Through 2018, ITConsult will have overseen the delivery of over 18 million emails. During the year, the volume of email grew month on month to over 131%. Outbound email volume grew by nearly 460%.
Of the 12M emails, our clients sent nearly 3 million attachments.
We see no pull-back in the use of email and we believe that email will remain the number one business application in 2019.
With the volume of emails expected to rise and the amount of data sent via email, we feel there is significant risk for every business not to be aware of how an email outage can impact a business.
Similarly, we see significant risk in being blind to email communication and expect an increase in data breach via email.
For every business, having a clear understanding of their own email threat intelligence statistics will be important. Without it, it will be difficult to apply the appropriate levels of security to the right areas.
Whaling attacks or Business Email Compromise (BEC)
Whaling and phishing attacks were certainly on the rise in 2018. While the total number of detected BEC emails was less than 1% when compared to all inbound email, we saw an average of over 50 emails per client blocked. It could only take one of these emails to make it through for any business to suffer a significant financial impact.
An average of 50 emails per month per client doesn’t seem to be a large number. During the year, however, BEC email volume increased by over 840% during the year. We expect this number to increase through 2019.
We are also anticipating that those crafting phishing and whaling emails are going to get more creative to avoid anti-phishing processes.
Over the last 18 month’s we’ve worked with businesses that have had over $600k leaked due to successful BEC whaling attacks. Unfortunately, it’s only after an event such as this where security seems to get the appropriate attention it needs.
There are plenty of organised criminal groups operating on the Internet today. Over time, they have built up their experience in effective social engineering techniques to defraud businesses of money. It’s difficult for busy people to detect fraudulent emails at times.
All those clients who were victims of whaling attacks stepped up their email security significantly and continue to invest improving their overall capabilities through email security products and staff training programs.
Implementing multi-factor authentication on Internet-enabled email accounts is an effective way of preventing unauthorised access to email accounts.
Increasingly, businesses who roll out awareness education on phishing scams are seeing positive results when it comes to staff being able to identify whaling and BEC emails.
Malware through email attachments
Our analysis suggests that malware delivered by email in 2018 was a near non-event. With most email systems incorporating anti-virus and anti-spam technologies there’s seemingly a low risk of malware entering a network via email.
Through attachment management policies, most of our clients are blocking
Email scanning techniques are constantly improving and with vendors implementing zero day protection against malware, coupled with server and endpoint security systems, we can’t see malware posing a big threat when delivered by email.
Threat activity via URL
Where we do see an increase in activity is through URLs embedded in emails and email attachments. Over 140,000 links were clicked on in emails in 2018. Of those URLs some 2,000 were classified as dangerous and were blocked. We are keeping an active eye on these statistics going into 2019. With an increase of 269% during 2018, we do expect threats activated by URLs in email to increase significantly.
URL threats are particularly dangerous for remote workers, laptop users and those who access corporate email on mobile devices. Oftentimes organisations deploy security platforms that only work while staff are in the office and connected to the network.
Effective URL protection for email is required continuously and regardless of where your staff are when the click on a URL. URLs should be analysed at the time-of-click rather than during email processing.
Email Threat Intelligence Wrap-up
We are actively looking forward to 2019 and seeing how the email security landscape will continue to evolve. As phishing scams increase, we expect see an uptake for business to deploy two-factor authentication and mobile device management to increase security of email accounts.
The focus for organisations to protect personally identifiable information (PII) and other sensitive data should lead to an increase of data loss prevention methods being introduced into email security policies.
In all reality, we expect the see many businesses adapt to new email threats, we expect to see many business continue through 2019 with little change to their security focus.
Unfortunately, there will be a small number that will be affected by a data breach through email which will force some change. Hopefully this number will be low.
Click here To download our State of Email Security Report.
If you have any questions or commentary on our email threat intelligence analysis please get in touch.