2018 Threat Forecast: Email Security & SPAM

It's no secret that most data breaches originate with end-users. Despite increased employee training, and frequent high-profile data breaches in the news, many employees continue to view their email and devices as inherently secure. Given the rise in social engineering, SPAM-based phishing attacks, and malware laced messages, this couldn't be further from the truth. To better understand how these email threats continue to predominate, researchers at Symantec took a year long account of the evolving landscape. Learn more about what their findings mean for your business below:

Overall, email-borne malware detection rates actually decreased this past year. In 2016, 1 in 131 emails contained malware, where as in 2017, only 1 in 412 did. The five most popular malware-laced emails advertised:

  1. Bills (15.9%)
  2. Email Delivery Failure (15.3%)
  3. Legal/Law Enforcement (13.2%)
  4. Scanned Document (11.5%)
  5. Package Delivery (3.9%) 

These malicious emails were not evenly distributed, as certain industries attracted more attention from cybercriminals than others. In terms of email malware by industry, public administration was the most frequently targeted, with 1 in 120 emails being compromised. Manufacturing, construction, services, finance, insurance, and real estate were also within the top eleven:  

Industry Email Malware (% of total vol.) Spam Rate (% of total vol.)
Construction 27.2% 56.9%
Finance, Insurance, and Real Estate 16.6% 55.2%
Services 10.6% 53.7%
Manufacturing 9.5% 55.9%
Non-classifiable Establishments 9.5% 54.6%


Employees in the manufacturing industry were receiving an average of 25.5 email viruses annually. For construction, the number was 18.1, and for finance, insurance, and real estate, it was 9.1. While alarming, these rates were overshadowed by public administration, where the average user was hit with 53.1 email viruses annually. 

So how are these threats being delivered? The two most common means of distributing malware via email is through links and attachments. Attachments are generally more common - containing a script that, once downloaded, runs malicious code. Links to malicious codes are used less frequently, because they are usually blocked by spam or web filtering solutions. Still, link-based malware grew 10.7% in 2017. 

Cyber Quicktips - Professional Grade Phishing


Another key take away from Symantec's findings, was that email malware does not discriminate based on company size. Since massive corporate hacks gain the lion's share of coverage, this can create a false sense of security for smaller companies. However, more than half of the data breaches reported in Massachusetts in 2017 were for companies with under 250 employees. In terms of email malware, Symantec reported: 

Company Size Email Malware Rate
1 - 250 1 in 376
251 - 500 1 in 306
501 - 1,000 1 in 425
1,001 - 1,500 1 in 244
1,501 - 2,500 1 in 355
2,501+ 1 in 512

 

Securing Your Inbox

Fortunately, there are a number of preventative choices that will help mitigate these threats. Consider leveraging a first line of defense, reducing the likelihood that your end-users come into contact with malicious emails. iCorps' email filtering protects against SPAM, viruses, phishing, denial of service, directory harvest attacks, and more. This service helps keep your Inbox safe, identifies threat patterns, and protects sensitive email content. iCorps partners with Mimecast, providing a number of cloud-based email security services for advanced email management and email compliance. Here are 6 reasons why your inbox needs Mimecast email security.

Protection From Other Attack Vectors

While email security is an important element in maintaining a strong cybersecurity posture, it is just one of many factors that contribute to a secure computing environment. iCorps’ Managed Security solution is based on a “Defense in Depth” model. The idea is that your network should have more than one layer for each security category. iCorps' Managed Security supplies:

  1. Web content filtering
  2. Strong two-factor authentication
  3. Intrusion detection and prevention
  4. Firewall with deep packet inspection

Learn about iCorps' Managed Security offerings, including anti-virus email software, today.

New call-to-action

Related Content:
SMS Phishing: 5 Ways to Avoid SMiShing Attacks - iCorps
New Study Finds Alarming Financial Impact of Data Breaches - iCorps