A new threat: Beware, security threats may be hiding in your mailbox

An effective incident response following a security breach and the threats that arise post-delivery can quickly stop the spread of the attack and minimise any potential damage.

A malicious email evading an organisation’s security measures and landing in a user’s inbox would need equal attention as block threats in the first place. Researchers of IT security firm Barracuda recently looked at 3,500 organisations globally to better understand threat patterns and response practices. They identified that an average organisation with 1,100 users will experience around 15 email security incidents per month, and on average 10 employees will be impacted by each phishing attack that manages to get through. The researchers also found that 3% of employees will have the tendency to click on a link in a malicious email, exposing the entire organisation to hackers for conducting a successful attack.

An effective incident response following a security breach and the threats that arise post-delivery can quickly stop the spread of the attack and minimise any potential damage. There are multiple ways that organisations can identify email threats for post-delivery remediation. Users can report them, IT teams can initiate internal threat hunting, or they can also rely on a community of other organisations that remediate attacks.

Barracuda researchers found that the majority of incidents were discovered through internal threat hunting investigations launched by the IT team. The investigations were initiated through common practices like searching through message logs or running keyword or sender searches of already delivered mail. On average, malicious emails spend 83 hours in users’ inboxes before they are discovered by a security team or reported by end users and finally remediated. This time can be considerably shortened with focused security training that will improve the accuracy of user-reported attacks, and deployment of automated remediation tools that can automatically identify and remediate attacks freeing time of security personal.

Murali Urs, country manager – India, Barracuda Networks, said, “Evolving email attacks pose a significant risk. As hackers utilise more sophisticated social engineering techniques, email threats become difficult for both technical controls and email users to detect. There is no security solution that can prevent 100% of attacks. Likewise, end-users don’t always report suspicious emails due to lack of training or negligence, and when they do, the accuracy of reported messages is low, leading to wasted IT resources. Without an efficient incident response strategy, threats can often go undetected until it’s too late.”