How to get ahead of your email security

Email security doesn’t end if your system is breached – it requires a quick and effective response to minimise the cyberattack, argues Barracuda’s Charlie Smith.

Email security is a never-ending cycle of attack and defence.

Email security solutions continuously adapt to evolving phishing and social engineering tactics and this leads attackers to develop new evasion techniques.

Companies need to prepare for the chance that even with the most advanced email security in place, every now and then an attacker may slip through.

When a malicious email does make it past initial defences, time is of the essence and swift action is key to containing and minimising any impact.

The best security is therefore an approach that combines advanced protection and threat prevention with fast and scalable incident response. Automating this approach enables teams to quickly locate, contain and neutralise threats with no human interaction needed and no impact on business operations. This allows businesses to contain threats faster, reduce IT workloads and improve overall security effectiveness.

Recent trends in evasion techniques

Our own research shows how attackers deploy a range of tactics to evade email security and increase their chances of success. Phishing-as-a-service (PhaaS) platforms invest significant resources in sophisticated evasion techniques.

For example, one phishing kit uses malicious code that is encrypted and obfuscated using a substitution cypher to make it harder to detect and analyse. Another one checks if targets are genuine victims or security tools such as a sandbox. If it’s a security tool it is quietly redirected to a harmless, unrelated website.

Such techniques are aimed at bypassing email security tools designed to detect and block threats before they can reach the target inbox. While this layer of defence is still critical, it’s no longer enough on its own in the face of these evolving attack behaviours.

The need for fast, automated incident response

Every minute the attackers have access to a compromised account is a minute they can use to move laterally, spread malware, siphon off sensitive data or disrupt business processes.

Manual responses are resource-intensive, relatively slow and unlikely to be fully available 24/7. It can take IT professionals hours or even days to detect a breach, identify affected users, quarantine malicious emails and take appropriate response actions. This uses up time and energy that could be better spent on other things.

The solution lies in automated incident response – a fast and effective way to address threats that manage to breach the organisation via email, and to halt the spread of malicious email content, isolate threats in a timely manner, and protect users and sensitive data.

Key benefits of automated incident response

Automated incident response transforms email security, ensuring faster containment of threats and minimising damage. Its key benefits include reducing dwell time by improving the ability to neutralise threats immediately. This helps prevent intruders from establishing permanence and beginning lateral movement, malware execution and data theft.

Automation also improves an organisation’s ability to analyse and prioritise incidents, reducing false positives and human error and, by eliminating repetitive tasks, allows security teams to focus on strategic priorities.

Finally, faster detection, containment and reporting enable businesses to meet data protection regulations, such as NIS2, that set time limits on incident response.

A layered approach to email security

No single solution can stop every attack. Automated incident response is a critical defence mechanism, but it must be part of a layered security approach.

Here are some of the most important elements of email security to include in your processes.

Multifactor authentication (MFA) aims to prevent attackers from gaining access just by acquiring stolen details, reducing the danger of credential phishing.

AI-powered email security with advanced impersonation protection is used to detect sophisticated and emerging phishing tactics.

Security awareness training improves the ability of employees to recognise and report phishing attempts that make it through defences.

And clear phishing reporting procedures ensure a streamlined process for identifying and escalating suspicious emails.

Cyberthreats are moving faster than ever, with attacks unfolding in hours not days. Deep, multi-layered protection combined with the ability to respond to and recover from incidents will protect your organisation in this rapidly evolving landscape.

By Charlie Smith

Charlie Smith is director, solution architects, data protection and email security (EMEA) at Barracuda. He is responsible for helping organisations safeguard their critical data. He is passionate about staying ahead of the curve in terms of technology trends and innovations, and enjoys working closely with customers and partners to deliver tailored solutions that meet their unique needs.
