Defending Against Email Threats That Don’t Involve Malware

The global coronavirus pandemic and remote work have drastically changed the attack surface, risks and challenges in today’s threat landscape. MSPs must learn to adapt to new trends and assess whether their technology still meets the needs of customers.

Email is at the forefront of strengthening cyber-resilience. It is notorious as the #1 attack vector – 96% of data breaches are a direct result of phishing and pretexting, and it remains a vulnerability due to the human element.

Legacy threats versus modern threats

Email flow has changed a lot over the years. There is a huge gap between the large spam runs of the past and the modern email attacks we see today. Today’s sophisticated email attacks generally only account for a small percentage of the total email flow within organizations, but they are highly effective – business email compromise (BEC) accounts for over 1% of all traffic but can cost an organization a huge amount. 

Cybercriminals are getting better at configuring the attack infrastructure, making it difficult to distinguish between legitimate and weaponized domains – and many attacks likely make it past most traditional email defenses.

Many legacy email security solutions with basic anti-spam/anti-virus (AVAS) can only detect legacy attacks and not the more sophisticated attacks proliferating today, such as business email compromise (BEC), phishing, spear-phishing, account takeover (ATO), and domain impersonation.

Many of these attacks are malware-less and lack elements like executable viruses, files, or malicious URLs directly associated with an attack by default. They trick recipients into believing they are getting emails from legitimate senders – a tactic known as social engineering.

This is why modern, professional cloud-based email security solutions are essential for business email. These solutions can be very quick at reacting to new spam waves and handling false negatives and false positives – and they can help reduce deployment time and costs compared to on-premises solutions.

Key points to evaluate in an email security solution:

• Modern, cloud-based email security that includes multiple layers of algorithmic analysis, threat intelligence, executive monitoring, real-time link scanning, and machine learning to defend against advanced email threats
• Extra spam classification features to emphasize when an email is phishing, extortion, or carries malware
• Enhanced image content analysis and improved control over email flow
• Powerful domain-based threat intelligence
• Support for SPF, DKIM, and DMARC
• Seamless integration with Microsoft 365
• An end-to-end unified security platform with the option to include email security

Your customers are prime targets - SMBs have faced both a cyberattack and a data breach. As an MSP, it is imperative to stay ahead of cybercriminal activity and include reliable email security in your MSP security portfolio.

Use any Email Security Guide for MSPs and learn about the current email threat landscape, steps you can take to help reduce your customers’ risks, and the benefits of providing email security as part of a unified security platform.