Getting Email Security Right: The MSP Perspective
Email is the most common attack vector for business cybersecurity breaches. It’s estimated that over 330 billion emails will be sent every day this year — and while training users to recognize potential email-borne threats is important, slip-ups are inevitable when dealing with such vast volumes of messages.
With the average breach costing $5 million, just one successful attack can spell doom for a small business. MSPs must take steps to understand the threat posed by business email compromise (BEC) attacks, and to ensure their clients are fully protected.
Types of BEC attacks and how they work
BEC attacks are generally performed with the aim of obtaining money from the target, though sensitive data may be sought as well. To execute this type of attack, the hackers gather intelligence that allows them to convincingly pose as someone else and persuade the recipient to treat the email as legitimate.
Common types of BEC attack include CEO fraud, vendor email compromise (VEC), and false invoice schemes.
- CEO fraud is perhaps the most common form of BEC attack. Cybercriminals use highly targeted emails, spoofing the account of a CEO or other senior executive figure (or in some cases, obtaining access to the genuine account), to send seemingly legitimate requests for money or data. A prominent example is when hackers impersonated Snapchat’s CEO to obtain highly sensitive information about company employees in February 2016.
- Vendor email compromise (VEC) is where a cybercriminal gets in through one of the vendors working with the company. In March 2021, a cybercriminal compromised the email account of a law firm and sent a password-protected file containing malware. Because it came from a regular partner, the recipient didn’t identify the email as suspicious.
- False invoice schemes involve sending an invoice for payment for services that were not provided. For example, in 2013–2015, even Facebook and Google fell victim to a gang of cybercriminals who had set up a fake company and billed $121 million using legitimate-appearing invoices to their accounts payable departments.
Advanced email security checklist
While employee awareness training is still one of the most important parts of a good email security plan, modern attacks (like those listed above) are very convincing, and it only takes one successful attack to threaten an entire company. Go beyond traditional email security tactics and employ multipronged approaches utilizing advanced technologies to help keep clients safe.
- Early detection methods: Machine learning–based software to identify threats, using techniques such as Domain-based Message Authentication, Reporting, and Conformance (DMARC); DomainKeys Identified Mail (DKIM); and Sender Policy Framework (SPF). SPF is an authentication technique that enables receivers to identify fake emails, even those that appear to originate from trusted domains.
- Scan all incoming email traffic: This should be done using advanced rapid-scanning techniques.
- Pattern and link recognition: Machine learning tools identify potentially dangerous links based on both actual URLs and familiar patterns from malware attacks. And computer vision analysis can recognize anomalies in images attached to emails.
- Attack pattern detection: Some machine learning and AI software packages identify patterns of virus behavior, such as computer virus signatures and irregularities in CPU usage.
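To make the "Early detection methods" item concrete, the following added example (not from the original article or from any vendor's product) shows how a receiving gateway's SPF, DKIM and DMARC verdicts can drive a triage decision. The sample messages, the gateway name `mx.client.example` and the function names are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample messages (not real traffic); all domains are placeholders.
SPOOFED_CEO = """\
Authentication-Results: mx.client.example; spf=fail smtp.mailfrom=corp.example;
 dkim=none; dmarc=fail header.from=corp.example
From: "Pat Lee, CEO" <ceo@corp.example>
Subject: Urgent wire transfer

Please pay today.
"""
VENDOR_OK = """\
Authentication-Results: mx.client.example; spf=pass smtp.mailfrom=vendor.example;
 dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example
From: Billing <billing@vendor.example>
Subject: Invoice 1001

Attached.
"""
# Sender-supplied header claiming a pass; its authserv-id is not our gateway.
FORGED_RESULT = """\
Authentication-Results: mail.sender.example; spf=pass; dkim=pass; dmarc=pass
From: "Pat Lee, CEO" <ceo@corp.example>
Subject: Gift cards

Reply ASAP.
"""

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def auth_results(raw, trusted_authserv="mx.client.example"):
    """Collect SPF/DKIM/DMARC verdicts stamped by our own gateway only."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    msg = message_from_string(raw)
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, body = header.partition(";")
        if authserv_id.strip().lower() != trusted_authserv:
            continue  # ignore results we did not produce (RFC 8601)
        for method, verdict in METHOD_RE.findall(body):
            results[method.lower()] = verdict.lower()
    return results

def triage(raw):
    """Return 'quarantine' on DMARC fail, 'review' without a DMARC pass, else 'deliver'."""
    dmarc = auth_results(raw)["dmarc"]
    if dmarc == "fail":
        return "quarantine"
    return "deliver" if dmarc == "pass" else "review"
```

A message sent from a genuinely compromised vendor mailbox, as in the VEC case above, passes all three checks, which is why the checklist pairs authentication with content and link scanning.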
Choosing email security partners
MSPs are responsible for email security, so choosing software vendors well is key. Best practices for finding the right email security partners include:
- Creating a checklist of email security essentials and requirements for vendor selection
- Identifying the vendors, integrators and cloud offerings that meet these requirements
- Considering a vendor’s reputation based on independent lab reviews, customer testimonials, and discussions with the vendors themselves
- Reviewing demos and trialing software from shortlisted vendors
The best security partners will invest time in creating a detailed proof-of-concept and customized solution for MSPs. One-size-fits-all solutions are far from ideal for most MSPs, who often need to provide different capabilities to different clients (without paying for anything unnecessary). Testing customized solutions in a sandbox environment is important to ensure complete protection coverage.
The Acronis suite for MSPs
Acronis has developed an Advanced Email Security pack for Acronis Cyber Protect Cloud, based on Perception Point — a powerful machine learning platform that protects organizations against BECs, APTs, phishing, and malware before malicious messages ever reach protected servers. With nearly two decades of experience working with MSPs, Acronis is able to provide customized offerings that tick all the boxes for advanced business email protection.