Cybersecurity Awareness Month: Sophisticated Email Attacks Demand More Intelligent Defenses

Earlier this month, Osterman Research published a new study to quantify the direct costs borne by organizations in mitigating phishing threats and to explore expectations about how phishing will change over the next 12 months.

The Business Cost of Phishing shows that IT and security teams spend one-third of their time handling phishing threats every week. Seventy percent of organizations spend 16-60 minutes dealing with a single phishing email message. On average, dealing with the threat of a single phishing email takes 27.5 minutes at a cost of $31.32 per phishing message. Most respondents expect the impact of phishing to get worse over the coming 12 months, with 67 percent expecting the time spent on phishing per week for IT and security teams to stay the same or increase.

A diverse set of increasingly sophisticated phishing threats are causing "concern" or "extreme concern" for organizations, including:

• Adaptive techniques to create unique attributes for each phishing message (51 percent),
• Compromised account credentials to hijack current email threads to send phishing threats (48 percent), and
• Advanced obfuscation techniques to hide phishing threats (48 percent). 

Phishing is spreading to other tools, too. Almost half of respondents state that phishing is spreading to:

• Messaging apps (57 percent),
• Cloud-based file-sharing platforms (50 percent), and
• Text messaging services (49 percent).

U.S. Cybersecurity Awareness Month occurs every October. It started in 2004 when the President and Congress first dedicated the month to helping individuals and businesses protect themselves online as threats to technology and confidential data become more commonplace. Cybersecurity Awareness Month, organized by The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), has focused increasingly on the harmful and sophisticated range of email threats.

Companies like Pax8 are leading collaborative efforts between government and industry to raise cybersecurity awareness nationally and internationally.

"We are very proud of the cybersecurity innovators whose solutions can be discovered and procured on our cloud marketplace," said Scott Chasin, Chief Technology Officer of Pax8 and a cybersecurity industry veteran. "The adoption rate within that category continues to rise, and given that cloud-delivered services across the board all need to be protected and continually updated based on new threats posed by the multi-trillion-dollar cybercrime industry, we are doing our part to contribute to exposing the latest vulnerabilities and risks by sharing the capabilities of our cybersecurity marketplace vendors."

One such company is IRONSCALES, an email security company whose powerfully simple email security solution helps fight back fast and keeps companies safe in today's cloud-first world.

"Their self-learning, AI-driven platform continuously detects and remediates advanced threats like Business Email Compromise (BEC), credential harvesting, Account Takeover (ATO), and more," Chasin said.

Founded in Tel Aviv, Israel, in 2014 by alumni of the Israel Defense Force's elite Intelligence Technology unit, IRONSCALES is headquartered in Atlanta, Georgia, and provides solutions to tens of thousands of companies, with an increasing emphasis on the cloud.

"We are the only solution to integrate email security and awareness training into a single offering; this ensures that employees maintain their edge by spotting phishing emails," said Mark Fitzmaurice, Senior Vice President, Global Channel Sales IRONSCALES. "We recently expanded with anti-phishing protection for Microsoft Teams collaboration environments."

"The key is in the combination of AI and human intelligence," Fitzmaurice added. "There is an alarming rise in phishing attacks, which are so well designed today that even the savviest executives have been lured to click on nefarious links, exposing credentials and enabling access into confidential, private, and valuable information databases, applications, and networks."

Earlier this year, named No. 875 on the annual Inc. 5000 list, a prestigious ranking of the fastest-growing private companies in America, IRONSCALES is continually investing in new enhancements driven by new attack vectors and campaigns. Eyal Benishti, Founder and CEO of IRONSCALES, credits the popularity and growth of the company’s email security solution to "how amazing our team is and how powerful, yet simple, our email security solution is. As the pioneer of the integrated cloud email security (ICES) category, nothing makes us prouder than getting this kind of recognition year over year."

The company last month shared "3 Ways to Boost Your Organizations Email Security for Cybersecurity Awareness Month,” recommending the following:

Scan for existing threats

You may already have a Secure Email Gateway or another service that checks for phishing emails before they get delivered to your mail server or cloud-hosted email service. However, while those rule-based tools effectively block known phishing attempts and emails with malicious links and attachments, they have limited support for advanced threats.

To address advanced email attacks that slip by your perimeter defenses, consider running regular scans of your mailboxes to identify the idle threats sitting in your inbox, learn what types of threats are sneaking through, and which teams and individuals are targeted the most.

Offer Specific Training

Anti-phishing tools are great at detecting and blocking threatening emails. Some tools can block up to 99 percent of all phishing attacks. However, when hackers send over 3 billion spoofing emails daily, the 1 percent of the phishing emails that get through could be costly.

Whether you provide your employees with email security training at the end of a phishing simulation test or want to conduct a more organized security awareness training initiative, educating your users on how to spot emails for phishing threats, avoid interacting with them, and alert Security and IT of the attempt will protect your business, boost your user's security awareness, and will make your job a bit easier.

Start Running Phishing Simulation Tests

Training is great, but the only way to know for sure if it's working is to test it. This can be done two ways, waiting for a user to interact with a legitimate phishing attack that slipped through the system or setting up simulated phishing campaigns that mimic actual threats.

Don't use outdated phishing themes in your simulations. Think like today's cybercriminal and use language and strategies that mimic the attacks that are actively occurring so your users can prepare for relevant threats and you can identify where more training is needed. Take the simulation one step further and customize the test based on the recipient's role, function, or access level.

The IRONSCALES plans are tailor-made for MSPs and MSSPs, many of whom acquire their software through distributors and channel partners like Pax8.

"Cloud has forever changed how organizations must protect themselves against advanced phishing attacks, including fast-moving BEC, ATO, and more," Fitzmaurice said. "Working with Pax8 has increased the ease and speed of onboarding, so MSPs, MSSPs, and their end customers see an immediate benefit. Our cloud-first approach is so valuable to managed service providers because it reduces security team workload, covers multiple email platforms (O365, Gmail, Exchange), and bundles in integrated security awareness training."

According to a new market research report, "Managed Services Market by Service Type (Managed Security, Managed Network, and Managed Data Center and IT Infrastructure), Vertical, Organization Size, Deployment Type, and Region - Global Forecast to 2026," the global Managed Services Market size is expected to grow at a Compound Annual Growth Rate (CAGR) of 7.9 percent during the forecast period, to reach $354.8 billion by 2026 from $242.9 billion in 2021.

"Small to mid-sized enterprises (SMEs) are becoming increasingly aware of cybersecurity as a major area of concern," Chasin said. "Industry experts agree that most SMEs don't have the skills to properly manage cybersecurity. Cloud-based cybersecurity services represent a massive window of opportunity for MSPs, and we are committed to ensuring that companies like IRONSCALES can be found and their advanced services consumed efficiently over our growing, global marketplace."