Email security refers to technologies and measures to protect emails from “external attacks” such as business email compromise and unauthorized access, and “internal threats” such as emails sent to the wrong address.
The main functions and measures of email security are as follows:
- 1. Antivirus function
- 2. Encryption function for message body and attachments
- 3. Spam Filtering
- 4. Authentication function
- 5. Mis-sending prevention function
- 6. Data Loss Prevention (DLP)
- 7. Log monitoring
Since email remains the most commonly used communication tool in business, companies and organizations are required to continue strengthening their email security.
In this article, we will explain the necessity of email security, its main functions, and specific threats that can be addressed.
To summarise this article:
- Email security is a measure to prevent cyber attacks and data leaks via email.
- 94% of cyber threats originate from email, making email security a major issue
- The main functions and measures of email security include “antivirus,” “encryption function,” “spam filtering,” “authentication function,” “prevention of erroneous sending,” “data loss prevention (DLP),” and “log monitoring.”
- There are three types of email security products: cloud-based, gateway-based, and endpoint-based.
- Threats that can be prevented by email security include “business email compromise,” “phishing attacks,” “malware and ransomware infections,” “email account hijacking,” “information leakage due to mis-sent emails,” and “email eavesdropping.”
What is Email Security?
“Email security” refers to the technologies and measures for protecting emails and communications from all kinds of security risks, such as cyber-attacks that exploit emails and information leaks due to mis-sent emails.
According to the “Business Email Survey 2024” conducted by the Japan Business Email Association, the number one method of business communication among people who have email addresses is “email” (98.6%).
Even now, when chat and video conferencing tools have become widespread, business communication via email remains popular, and email continues to be used in cyber attacks and causes a great deal of damage.
Cyber attacks using email include:
- Targeted attack emails
- Phishing scams
- Business Email Compromise (BEC)
And more.
In addition to the above external threats, there is also a risk of information being leaked due to internal threats such as:
- Mis-sent emails due to human error
- Employees taking out confidential information via email
Therefore, email security is an essential measure to deal with both external attacks and internal risks.
Main functions and measures of email security
Here are some of the main email security features and measures you should know about:
- 1. Antivirus function
- 2. Encryption function for message body and attachments
- 3. Spam Filtering
- 4. Authentication function
- 5. Mis-sending prevention function
- 6. Data Loss Prevention (DLP)
- 7. Log monitoring
1. Antivirus function
The antivirus function detects malware (a general term for malicious software or code) that is hidden in email attachments or links, and removes it before it can cause damage to your system.
Scanning emails and quarantining or deleting malware protects recipients’ devices. As a basic security measure, it is important to always install an antivirus.
2. Encryption function for message body and attachments
By encrypting the contents of the email
S/MIME allows you to digitally sign emails and exchange encrypted messages. PGP is an efficient encryption method that combines public key cryptography and symmetric key cryptography.
3. Spam filtering
Spam filtering detects and blocks unwanted spam emails before they reach your inbox.
Nowadays, even free email services have a wide range of spam filtering features, and users can set them up to minimize the impact of unwanted emails.
4. Authentication function
Authentication is a technology to prevent spoofed emails and increase the reliability of emails. The main authentication technologies are as follows:
DKIM (DomainKeys Identified Mail)
This technology uses electronic signatures to check whether an email is a spoofed one.
When the sender adds a “digital signature” to the header of an email, the recipient can verify it and confirm the authenticity of the email.
SPF (Sender Policy Framework)
SPF is a mechanism to check whether the sending IP address has the authority to send email from that domain (whether it is spoofed). The mail server authenticates the sender based on the sending permission list registered in DNS.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
An authentication protocol to prevent email spoofing. DMARC allows the owner of the sending domain to specify an authentication policy for email and receive the results. Also, by verifying the sender’s domain at the receiving server, it is possible to prevent the delivery of fraudulent emails (such as phishing and spam).
● SPF and DKIM: Technologies for authenticating email senders. Each method verifies the legitimacy of the email.
● DMARC: Integrates the results of SPF and DKIM to control how to handle spoofed emails. Also provides a mechanism to receive reports of emails that fail authentication.
5. Mis-sending prevention function
The erroneous
Specifically, there are functions such as:
- Display a pop-up to warn you before sending
- Automatically set BCC
- Restrict sending to free addresses
6. Data Loss Prevention (DLP)
Data Loss Prevention (DLP) monitors sensitive data contained in emails and filters them based on policies.
For example, if a policy stipulates that “emails containing important data such as credit card numbers or personal information cannot be sent,” the system will detect such emails and block them from being sent or notify the administrator.
DLP is effective in preventing unintentional information leaks and regulatory violations.
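A sketch of the credit card policy described above, as an added example that is not taken from the article or from any product. The block/notify split by recipient domain is an assumed policy, and all addresses and card numbers are constructed test values.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers, phone numbers and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0

def find_cards(text: str) -> list:
    """Return masked card-number candidates (last four digits only)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def dlp_decision(msg: EmailMessage, internal_domain: str):
    """ASSUMED policy: card data going to an external recipient is blocked;
    card data sent internally is delivered but reported to the administrator."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            # decode=True undoes base64 / quoted-printable, so encoded
            # attachments are inspected as well as the plain body.
            raw = part.get_payload(decode=True) or b""
            hits += find_cards(raw.decode("utf-8", "replace"))
    if not hits:
        return "allow", []
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = any(not a.lower().endswith("@" + internal_domain) for _, a in rcpts)
    return ("block" if external else "notify_admin"), hits

def sample(to, body, csv=None):
    """Build a constructed test message (all addresses are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@corp.example", to
    m.set_content(body)
    if csv:  # bytes content is stored base64-encoded
        m.add_attachment(csv.encode(), maintype="text", subtype="csv",
                         filename="export.csv")
    return m

if __name__ == "__main__":
    leak = sample("bob@partner.example", "see file",
                  csv="name,card\nTaro,4111-1111-1111-1111\n")
    print(dlp_decision(leak, "corp.example"))
```

The Luhn check keeps a 16-digit invoice number from triggering the policy, and logging only the masked value avoids copying the card number into the DLP log itself.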
7. Log monitoring
The log monitoring feature collects logs related to sending and receiving emails and monitors for abnormal activities and threats.
Specifically, the log records when, who, where, and what content was sent.
By checking the logs, you can quickly detect and deal with any mis-sent emails or suspicious email exchanges by employees.
Email Security Product Deployment Types
When implementing email
- Cloud-based: A type that can be used over the Internet.
- Gateway type: A type in which a dedicated device is installed near your company’s mail server.
- Endpoint type: Software installed directly on the device.
The advantages and disadvantages of each are as follows:
Type | Advantages | Disadvantages |
---|---|---|
Cloud-based | ・No need to build a server in-house ・Initial costs are kept low ・Relatively easy to implement | ・Security features often cannot be customized. |
Gateway type | ・Not affected by the number of devices owned ・Can process all emails, both internal and external, in one go | ・Server and mail systems need major overhauls ・Difficult to start small |
Endpoint type | ・If you have a small number of devices, costs can be kept low. ・Can be used without knowledge of servers. | ・License management is difficult. |
Cloud-based email security eliminates the need to build your own servers, allowing for quick deployment and low initial costs. Another advantage is that the latest security updates are automatically applied because it is cloud-based.
Gateway-type products are deployed directly on an organization’s network, offering greater control and performance, but they are likely to require significant modifications to existing systems, and deployment and maintenance costs are a concern.
Finally, if you have a small number of devices, an endpoint-type product that can be installed on each device may be a good option. This ensures safety from external networks and can be installed even by people with no server knowledge.
However, it is important to note that the more devices you have, the more complicated management becomes.
Why is email security necessary? Three reasons why
Why is email security essential for companies and organizations (and ultimately for individuals)? We will explain with concrete data and the latest trends.
- 1. 94% of cyber threats come from email
- 2. Many email-related threats are ranked in the “Top 10 Information Security Threats 2024”
- 3. The most commonly used communication tool in business is “email”
1. 94% of cyber threats originate from email
According to a survey on email systems conducted by Darktrace:
- 94% of cyber threats originate from email
- 1 in 99 emails is a phishing attack
These figures suggest that the number of cyber attacks using email remains high.
Furthermore, cyber-attack methods using emails are becoming more sophisticated every year, making it difficult to counter them simply by blocking suspicious emails.
Multifaceted email security measures, such as detecting malware in attachments and disabling URLs in the email body, are required.
2. Many email-related threats ranked in the “Top 10 Information Security Threats 2024”
Email-related threats also rank high in the 2024 edition of the “Top 10 Information Security Threats” published annually
▼Top 10 Information Security Threats 2024
Ranking | Threat Description | Last year’s ranking |
---|---|---|
No.1 | Ransomware damage | No.1 |
No.2 | Attacks exploit supply chain weaknesses | No.2 |
No.3 | Damage caused by internal fraud, such as information leakage | No.4 |
No.4 | Stealing confidential information through targeted attacks | No.3 |
No.5 | Attacks targeting software before patches are released (zero-day attacks) | No.6 |
No.6 | Damage caused by careless information leakage, etc. | No.9 |
No.7 | Increase in exploitation following disclosure of vulnerability information | No.8 |
No.8 | Financial damage caused by business email compromise | No.7 |
No.9 | Attacks targeting teleworking and other new normal ways of working | No.5 |
No.10 | Crime business (underground services) | No.10 |
*Red text: Threats that are particularly related to email
Ransomware typically infects a computer with malware via fraudulent emails and attachments, and a typical method of targeted attacks is the targeted email (a fake email aimed at a specific target).
In addition, mis-sent emails are one of the main causes of “No.6: Damage caused by careless information leakage,” and it is clear that email-related security risks appear in many of the top 10 threats.
3. The most commonly used communication tool in business is “email”
According to a survey conducted by the Japan Business Email Association in 2023, the top three methods of business communication are as follows:
“Email” (98.35%),
“Telephone” (82.44%), and
“Video conference/web conference” (75.52%).
Even now, when remote work has become widespread due to the COVID-19 pandemic and various new communication tools have been introduced, email still plays a central role in business communication.
Considering all of the above, email security is essential for any business or organization.
Cyberattack methods are evolving every day, so it is important to constantly keep up with the latest threat information and take appropriate measures.
Threats that can be addressed by email security
By taking proper email security measures, you can protect yourself from threats such as:
- Business email compromise
- Phishing attacks
- Malware/ransomware attacks
- Email account hijacking
- Information leakage due to erroneous sending
- Email eavesdropping
Business email compromise
A business email compromise is a type of fraud where fraudsters send fake emails impersonating business partners or company executives in order to defraud people of their money.
In a recent case, a scammer posing as the CEO of a technology company sent an email to the company’s financial officer, asking him to transfer a large sum of money. The officer believed the email and ended up sending millions of dollars to the scammer.
Phishing attacks
Phishing attacks involve sending emails purporting to be from major companies or public institutions and tricking the recipient into clicking on a link in the email. The link leads to a fake website where the recipient is tricked into entering personal information, which is then stolen.
Fake sites are often made to look exactly like genuine sites, so it is often difficult to tell them apart just by looking at them.
▼ Comparison of fake Mitsubishi UFJ Bank Websites Source
If a user unknowingly enters their login information or card number, the information will be passed on to an attacker.
Malware/ransomware infection
This is an attack that spreads infection by attaching a malware-infected file to an email and getting the recipient to open it.
In particular, crimes and damage caused by ransomware, a type of malware, have been rampant in recent years. Ransomware primarily infiltrates a target’s PC via email, encrypts files and data, and demands a ransom in exchange for recovery.
In the past, hospitals have experienced damage such as their systems being shut down by ransomware, making it difficult for them to accept patients, or hospitals having to pay large ransoms to attackers.
Email account hijacking
If an email account is hijacked through unauthorized login, there is a secondary risk that fraudulent emails or emails containing malware may be sent from that account to other employees or related parties.
For example, a company executive’s email account may be hijacked and used to send emails containing false instructions to employees or business partners, or a university professor’s email account may be hijacked and spam emails may be sent to an unspecified number of people, including students and other related parties.
Information leakage due to erroneous transmission
“A law firm mistakenly sent a client’s information to another client.”
“A medical institution accidentally sent patient information to a third party.”
There is a risk of information leaks if employees mistakenly send confidential internal information or personal data to an external party.
Such mistakes can not only result in liability for damages but can also cause the organization itself to lose credibility. In particular, for organizations and departments that handle a lot of personal information and confidential data, security measures to prevent erroneous transmissions are important.
Email interception
There is also a risk that an attacker could intercept incoming or outgoing email communications and read the contents of messages.
These threats can be addressed by encrypting the body of emails and their attachments.
For email security measures, leave it to NDR “Darktrace”
If you are considering an email security product, we recommend the NDR “Darktrace.”
Darktrace is an NDR solution that collects packets from corporate and organizational networks and clouds, visualizes the communication status of the entire network, and detects abnormal behavior.
Darktrace is equipped with a self-learning AI that can understand the context behind emails and users’ email sending and receiving habits, making it possible to detect even highly sophisticated attack emails.
It can also autonomously detect various threats lurking in emails, such as:
- Business email compromise
- Phishing attacks
- Social engineering
- Unauthorized intrusion into business email accounts
- Impersonation
- Data theft
- Spear phishing
In addition, the system automatically processes and executes set actions (e.g. disabling URLs or deleting attachments) according to the risk level of the email within approximately one second of receiving the email, thereby preventing the risk of the email being opened by mistake.
Darktrace is a cloud-based security solution that can be used in Microsoft 365 (Business Basic or higher license) or Google Workspace/G Suite (Enterprise plan or higher) environments.
Summary
In this article, we discussed email security, including its main functions, measures, and necessity.
Summary of this article
- Email security is a measure to prevent cyber attacks and data leaks via email.
- 94% of cyber threats originate from email, making email security a major issue
- The main functions and measures of email security include “antivirus,” “encryption function,” “spam filtering,” “authentication function,” “prevention of erroneous sending,” “data loss prevention (DLP),” and “log monitoring.”
- There are three types of email security products: cloud-based, gateway-based, and endpoint-based.
- Threats that can be prevented by email security include “business email compromise,” “phishing attacks,” “malware and ransomware infections,” “email account hijacking,” “information leakage due to mis-sent emails,” and “email eavesdropping.”