Top tips on how to deal with email security

By Jason Howells, EMEA Director, Barracuda MSP

The aim of any business is of course to create revenue and profit, therefore finding new ways to make this possible is always on the cards for SMEs. In Barracuda MSP’s recent Evolving Landscape of the MSP Business report, we found 65% of SMEs said that reducing capital expenditure is one of the main drivers for introducing MSP’s into their operations. But, as well as the monetary benefits, the survey also highlighted addressing security concerns (30%) and overcoming skills shortages (47%) as other key drivers. Furthermore, our research showed that 86% of SME customers are turning to MSPs for email services, which could suggest that this is an area that SMEs are not only focused on but where attempted cyber attacks are taking place.

For SMEs in particular, email threats are increasing in severity and becoming  more of a concern for businesses. In another recent survey we carried out, 87% of IT professionals had been hit by email-based threats in the past year, furthermore 81% of these respondents stated that the frequency and cost per breach has also increased. On top of this, the findings in the survey established that anyone can fall victim, with company executives the most likely to be targeted as they usually have access to the largest quantity of sensitive data.

The Modification of Email Attacks

Despite the fact that ransomware and social engineering email attacks are reasonably new threats, they are becoming increasingly more popular with cybercriminals. This is due to the fact that they don’t have to worry about using a middleman, the criminals get paid directly rather than scouring the dark web for a buyer of stolen information.

The growth of spear phishing has increased the severity of email attacks for SMEs as they do not require malicious links to be included in the email. Spear phishing attacks give the victim the impression that the email has been sent from someone they trust, be it a business associate or partner with seemingly legitimate requests to send money. Furthermore, these attacks can also escalate into account takeovers. Some top cyber criminals are starting to use spear phishing to acquire credentials for certain software in order to use a compromised account to continue to send evenmore convincing spear phishing emails to other members of the organisation.

How do SMEs stay vigilant?

In light of these trends, as an SME, if you’re using a managed service provider there are certain expectations you should have from any MSP you decide to partner with. Firstly, making sure that they are updating their email offerings consistently to help you strengthen your defences against email phishing attacks. For example, as cloud-based applications continue to grow in popularity, many enterprises are relying on native security, which does not offer the same level of protection compared to third-party solutions. As a customer, your MSP should be establishing multi-layered approaches to the security of your data in order to keep your business as secure as possible.

For example, we’ve recently developed Barracuda Sentinel, which uses machine learning to analyse communications patterns to identify and prevent spear phishing attacks. And, because it is API-based, not gateway-based, it can detect attacks the gateway can’t, such as a compromised account sending out bad emails internally. The AI platform also helps identify individuals that are most likely to be at risk from spear phishing, so MSPs can provide them with anti-fraud training.

Spear phishing and account takeover aren’t the end, though. The threat landscape will continue to evolve as the tactics of these cybercriminals conducting attacks on your business become ever more sophisticated. However being as well informed and prepared as possible can really help defend against the increasing frequency of these threats. Keeping up-to-date with these trends has become essential for an SME and to make sure that your MSP is providing the necessary defences for your data.