The demise of email has been predicted for the past decade, and yet we continue to use it. In fact, we use it in such high volumes that it is the primary communication channel of most modern businesses. Is it outdated? Is it time-consuming and slow? Maybe. But the numbers do not seem to be slowing down, with employees spending hours each day checking and responding to emails at work, Vicki Batka of Trellix writes.
Just last year, it was estimated that 319 billion emails were sent and received daily around the world and that by 2025 this will further increase to 376 billion. The rise of instant messaging platforms may eventually phase out the use of email, but for right now, email is proving it is still fundamental to any business. And while it is the number one form of communication, it also takes first place as a threat vector and the main entry point for cyber attacks.
Workplace 2.0 has introduced new complexities to securing email data. Employees are working from anywhere on any device, which adds pressure on IT teams to safeguard organisations from email attacks. The threat landscape is becoming more complex every day, with cyber criminals preying on employees with disguises that are increasingly convincing.
As the number of emails increases, an unfortunate side effect is the boom in email scams. The Australian Competition and Consumer Commission (ACCC) identified in its latest Targeting Scams report that business email compromise caused the highest impact on businesses in 2021, with losses reaching a whopping $227 million.
The truth is that anti-spam filters alone will no longer suffice: while the medium of email might be outdated, the calibre of threat has surpassed the capabilities of what many businesses are still using to protect their operations.
Recent email telemetry analysis from Trellix’s threat report identifies three top trends in email security from Q1 of 2022 that businesses need to be prepared against. Emails with malicious documents such as Microsoft Office files or PDFs attached come in second, and emails with malicious executables like infostealers or Trojans attached come in third.
The most common malicious emails included a phishing URL used either to steal credentials or to lure the victims into downloading malware. These days it is not unusual to come across a phishing email, but it is important to note that we are not talking about painfully obvious forms of attack. Those still exist, yes. The real concern is when the scams are so sophisticated and carefully socially engineered that, despite employee security training, they fall through the cracks.
When a suspicious email lands in an employee’s inbox, the process is often to immediately not click or open anything and to forward it to the IT team to investigate. With, say, about 100 potential phishing emails coming through per week, and IT teams taking 30-45 minutes to process each one, it is a manual and time-consuming effort that can often lead to fatigue and burnout. This is where an XDR solution comes in, to alleviate the pressure of these tasks and ensure security analysts can exert their efforts where they are most needed.
With “work from anywhere” initiatives well and truly taking off, security teams need a solution that is laser-focused, proactive and requires little human intervention. XDR can monitor the emails of specific mailboxes for suspicious phishing attempts. At any indication of compromise, the emails are identified and submitted to the threat intelligence platform used by the organisation.
Should the email contain a binary file, XDR submits it for analysis while querying the organisation’s directory for who sent the email. The solution can automatically search all inboxes for those that contain the malicious attachment and delete them, thereby isolating the incident. Further, XDR response capabilities can identify all victim endpoints and run a scan to understand whether the malicious attachment has been opened by any users.
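The response loop described in the last two paragraphs, reduced to its core logic as an added example (this is not Trellix code or any product's API): hash the reported attachment, check it against a verdict feed, record the sender, sweep every mailbox for the same file and list the endpoints that need a scan. The mailbox corpus, the verdict feed and the endpoint inventory are constructed stand-ins for the platforms a real deployment would query.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

def build_mail(sender, to, body, attachment=None):
    # Construct a small RFC 5322 message for the demo corpus.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, to, "Invoice"
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

# Constructed sample payload (harmless bytes, not real malware) and mailbox corpus.
PAYLOAD = b"MZ-constructed-sample-bytes"
MAILBOXES = {
    "alice@example.com": [build_mail("vendor@example.net", "alice@example.com",
                                     "see attached", ("invoice.exe", PAYLOAD))],
    "bob@example.com": [build_mail("vendor@example.net", "bob@example.com",
                                   "see attached", ("invoice.exe", PAYLOAD)),
                        build_mail("hr@example.com", "bob@example.com",
                                   "payroll", ("notes.txt", b"benign"))],
    "carol@example.com": [build_mail("it@example.com", "carol@example.com", "hello")],
}
# Assumed sandbox / threat-intel verdicts keyed by sha256, and a user-to-device inventory.
VERDICTS = {hashlib.sha256(PAYLOAD).hexdigest(): "malicious"}
ENDPOINTS = {"alice@example.com": "WS-ALICE", "bob@example.com": "LT-BOB",
             "carol@example.com": "WS-CAROL"}

def attachment_hashes(raw):
    # Map sha256 of each attachment body to its filename.
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {hashlib.sha256(p.get_payload(decode=True)).hexdigest(): p.get_filename()
            for p in msg.iter_attachments()}

def triage(reported_raw):
    """Return the response plan for one user-reported email."""
    bad = {h for h in attachment_hashes(reported_raw) if VERDICTS.get(h) == "malicious"}
    sender = str(email.message_from_bytes(reported_raw, policy=policy.default)["From"])
    plan = {"sender": sender, "delete": [], "scan_endpoints": set()}
    if not bad:
        return plan  # nothing malicious: no sweep, no deletions
    # Sweep every mailbox for any message carrying the same attachment hash.
    for mailbox, msgs in MAILBOXES.items():
        for index, raw in enumerate(msgs):
            if bad.intersection(attachment_hashes(raw)):
                plan["delete"].append((mailbox, index))
                plan["scan_endpoints"].add(ENDPOINTS[mailbox])
    return plan
```

Matching on the attachment hash rather than the filename or subject is what lets the sweep catch the same payload delivered to other users under a different pretext.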
Deploying XDR in the face of email threats is essential for the automation of threat detection and incident response. The insight and adaptability of the solution improve security operations and allow organisations to understand the hunting methodology used by malicious actors. This approach keeps time to remediation low because responses are prepared in advance.
XDR is the modern-day solution for keeping pace with the never-ending number of threats circulating in our inboxes every day. It frees IT teams from repetitive tasks by handling them automatically, minimising the risk of a breach and isolating attacks.
Vicki Batka is the senior vice president, sales, APJ at Trellix.