Think you know all the different email threat types that you need to defend against to keep your business safe? Educating yourself on what you’re up against is half the battle, particularly as attacks get more complex.
To help give you a better understanding of these 13 email threat types, we recently spoke with Don MacLennan, SVP, Engineering and Product Management, Email Protection, at Barracuda. He shared insights on which threat types aren’t getting enough attention and the best way to keep your business protected from sophisticated threats designed to get through your email gateway.
Why is it important to be aware of these 13 email threat types?
Many people are only aware of a subset, not all 13 threat types. For example, everybody knows about spam and phishing, but maybe they don’t know all the variants of phishing or the nastiest, most recent ones. It’s important to know there are 13 as opposed to the three or five you might be aware of.
Some of these threat types are really complicated in terms of people even understanding how they work, let alone how to protect against them. Partly, that’s because the labels the industry puts to them are not widely understood or consistent. If you polled people and asked what business email compromise is, you’d probably get a variety of answers, some of which are not at all accurate. So, I think it’s worth the time to educate people on these threats in depth. That’s why we recently published the new e-book, 13 Email Threat Types to Know About Right Now, and I’ll be hosting a webinar on the topic later this week.
What should organizations be doing to protect against all 13 threat types?
All 13 threat types are material risks, so you have to protect your business against all 13 because bad things, from data loss to monetary loss and more, can happen if you don’t. You need to look for a comprehensive solution that gives you the ability to be comfortable that you’re protected against all 13, not a subset. Artificial intelligence and API-based inbox defense can address the gaps in the email gateway and help provide total email protection against attacks. Companies that take an alternate technology approach, not using APIs, can’t protect you against all 13 threat types.
Which threat types aren’t getting enough attention? Which ones do organizations need to do more to protect against?
There is a difference between the size and the impact of these threat types. Some are attacks prevalent and well-known because they are high-volume attacks that have been around for a while, such as spam and malware, but the impact on the organization is smaller. These are the threat types that organizations are most prepared to protect against.
The threat types that are most dangerous may not be high volume, but they are highly targeted, making losses disproportionately high. In terms of monetary impact and destruction, these threat types have a bigger impact. For example, business email compromise makes up only 7 percent of spear-phishing attacks, but it was responsible for $1.7 billion in losses in 2019, according to the FBI. If you fall victim to one of these attacks, it could cost the organization potentially hundreds of thousands. But, because these attacks aren’t as common, many organizations have a false sense of security, assuming that the chance of falling victim is low. This kind of thinking leaves you at risk.
In both the eBook and the webinar, we do a deep dive to educate you on how these more complex threat types work and how prepared the bad guys are when they execute them.
How do you see threat types evolving? What changes do you expect to see next?
How these attacks specifically manifest in a given category is always changing, so it’s important to stay up to date how threats are evolving. The bad guys innovate. You need to keep paying attention because their tactics will change, and you need to understand that.
The bad guys follow the money, and that informs which threat types evolve. As certain threat types become more lucrative lately, you’ll see more cybercriminals attempting these methods and investing time to make them more successful. For them, this is an industry. They do all the same things that a legitimate industry does. They have to marshal their resources and figure out the return on investment of their time, so they follow the money.
Get a comprehensive solution with advanced technologies because the attacks are going to get even more sophisticated, and if you have a gateway-based solution it’s going to be less effective over time.
Join our upcoming webinar, “13 Threat Types to Know About Right Now” on Thursday, May 7 at 9 a.m. PDT/12 p.m. EDT to hear more from Don. Save your spot today!