Email phishing attacks have been on the rise during the COVID-19 pandemic this year. Today’s columnist, Kevin O’Brien of GreatHorn, offers a four-step email security strategy. (Credit: GreatHorn)

Organizations of all sizes face the same incredibly daunting challenge: the bad guys will always try to attack email.

Users working on any email platform must communicate effectively and securely while helping their organization fight against phishing, account takeovers, data breaches, and business email compromises. Companies can do this by creating a multi-layered approach to security that everyone understands and knows like a second language.

Those who don’t value email security are likely missing out on opportunities to protect the organization and train employees on how to do the same. Our 2020 Phishing Attack Landscape report found that 38 percent of organizations said within the past year, someone within their organization had fallen victim to a phishing attack. And 53 percent of organizations said they had seen an uptick in email phishing attacks during the COVID-19 pandemic.

While email compromise methods stay the same – stealing credentials, pretending to be someone real, and impersonating domains/companies – the rate at which they are happening increases. When a threat gets delivered via email, security teams must respond quickly to mitigate that attack before it causes damage that takes time and resources to contain and get under control. Automating the response and ensuring employees know how to recognize and do this at a moment’s notice can help mitigate threats at scale.

But what makes an email security product effective? It revolves arounds four fundamental tenets: analyze, detect, protect, and respond.

Analyze

Start by developing a deep understanding of the organization’s environment. This includes users, communication patterns, relationship strength between senders and recipients, resources, individual user risk profiles, and content. Security teams must obtain full visibility of these factual elements and how, where and to whom they connect.

Having the most fact-based information available helps to analyze and make informed decisions around similar behaviors. Without clear visibility, it becomes more difficult to detect and determine what actions to take. Many vendors create a “black box” of their policies. This makes it even more difficult for organizations to have complete visibility. This lack of transparency removes the ability for organizations to refine policies, based on granular risk factors, to create the best detection for their organization.

Detect

Security teams must detect an attack quickly and also analyze it to prevent other such attacks and quarantine attacks instantly, blocking them before they reach the end user. As an example, adaptive threat analytics systems incorporate machine learning and data science to learn the most frequent communication patterns unique to each receiver and sender. When security teams do this, it’s much easier to detect email anomalies and suspicious content. It’s essential to catch and stop events in real-time and prevent them from becoming worse.

Protect

Security teams also need to develop and implement systems and procedures to help restrict accesses and mitigate potential incidents. This starts with in-the-moment training, and reducing attack engagement by warning users of potential threats during the attack. Analysis becomes important here and post-delivery to help users understand what the attack, how to report phishing attempts, and how to prevent it in the future.

In the protect phase, security pros track network access and set up processes to ensure the right email network configurations are in place for the overall protection of the organization. Awareness training or user education plays a particularly significant role here because when it comes to a phishing attack and spoofing email, we do not know what we do not know. Employees are often the most important asset to protecting the company if they are trained well.

Respond

In the event of an email attack, the organization must respond quickly to mitigate these threats. Security pros do this by automating incident response and remediation techniques. Having this type of plan in place puts the organization in a better position to act quickly in the event of an attack and limit the impact. Given the type of attacks, attackers can launch in a matter of minutes, security teams don’t have much time to manually mitigate threats.

Create a response plan that identifies the most useful information quickly and conduct all subsequent activities in a way that eliminates any negative effects and ensures lessons are learned and principles implemented into the future response plan.

This four-phase process can help security teams create an effective email security strategy. The ability to analyze, detect, protect and respond at the moment of risk helps security teams follow a fact-based approach to email security. Ensuring the team has a deep understanding of the company’s risk profile and knows the company’s overall security posture can help the security team connect to business processes that reduce risk.

Kevin O’Brien, co-founder and CEO, GreatHorn

Original article source was posted here