How to upgrade and modernize your e-mail security strategy

November 16, 2020
Chris Munoz
Director of Portfolio Management, Cloud Services

Amid all the talk these days about malware, spyware, ransomware, and all the other malicious activity targeting the enterprise, one crucial fact tends to get overlooked: the vast majority of these threats enter protected data environments not by breaching the firewall but by invitation through an e-mail scam.

According to Verizon, virtually all (94 percent) of malware is delivered via e-mail, with phishing scams accounting for 80 percent of the total. While most professionals have grown wise to the standard come-ons from Nigerian princes and time-share sales pitches, more recent attacks are showing greater degrees of deception, such as cleverly disguised missives from “accounting” or “the CEO.” As data mining and social engineering techniques become more sophisticated, expect to see increasingly personalized e-mails that will be even harder to detect as frauds.

Perhaps this is why the Ponemon Institute reports that nearly one in four people who receive phishing e-mails open them, and 10 percent of those will click on the link or attachment that launches the attack. This gives the cyber attacker a 90 percent chance of success after sending only 10 messages.

Help is on the way

The good news is that steps are being taken on national and international levels to thwart phishing scams and a wide range of other threats. Recently, Microsoft, Symantec and a host of industry partners dealt a body blow to Trickbot, a Trojan-horse botnet that has infected more than 1 million devices since 2016. Following a lengthy investigation into the net’s worldwide array of hosted servers, Microsoft was able to institute legal action that allowed it to quickly disable nearly all of its initial servers plus the replacements that Trickbot tried to spin up once it realized it was under attack. While the botnet is not down completely at this time, it is on life-support.

Undoubtedly, new threats continue to emerge even as others are neutralized, which makes it imperative for enterprises to ensure their own e-mail security strategy are as thorough as they can be. Training employees to spot fake e-mails will likely continue to be one of the best protective measures against intrusions, but there are also many ways in which technology can be leveraged to weed out the phishing attempts.

Perhaps one of the most crucial areas to shore up within the enterprise data environment is Microsoft 365. As the main repository of e-mail and other sensitive data, 365 should be deployed with an eye toward enhanced threat protection, data security, and other tools.

In complex office environments, however, this is a lot more difficult than it sounds. For one thing, Microsoft is continually updating its e-mail security features to keep up with the evolving threats from the outside. Ensuring that these tools are deployed thoroughly and are providing the needed protection for each enterprise’s unique data ecosystem is a full-time job, one that can significantly add to an organization’s IT budget if not handled in an appropriate manner.

Expert approach

This is why CBTS has teamed up with many of the foremost leading experts in the field of e-mail security and provides their expertise as a service. Using a combination of people-centric measures and cross-channel security platforms, these collaborations have shown that it is possible to e-mail security strategy and maintain a highly secure data environment even as the user base becomes increasingly reliant on mobile technology, social media, data sharing, and other technologies that tend to push data beyond the firewall.

CBTS has bundled several cutting-edge security capabilities into the Advanced E-Mail Security Services platform, providing a one-stop shop for all emerging threats to e-mail architectures. By including the latest in spam filtering, continuous monitoring for fake e-mails and targeted attacks, and business continuity measures in the event of system failure, our cloud-based program maintains the highest availability for critical e-mail communications.

Our three-tiered approach also allows clients to choose the right level of security for their needs. These include:

  • Business features – designed as a turnkey service for the foundational functions to protect users at the lowest cost;
  • Advanced features – for organizations that require tools such as Attachment Defense, E-Mail Encryption, and Social Media Account Protection;
  • Security Pro features – a fully managed service that extends protection to e-mail archives and e-discovery, plus up to 10 years of secure data retention.

In an uncertain and often hostile world, enterprises must remain vigilant against any threats to services that can erode the trust of the user community. By partnering with CBTS, you can ensure that the highest levels of security are being maintained without driving costs to unsustainable levels.

Read our recent infosheet for more information and contact CBTS to learn how our managed services can improve your e-mail security strategy.

Subscribe to our blog