The ubiquity of emails makes senders and receivers susceptible to cybercrime. Red Sift, a member of the Microsoft Intelligent Security Association, has developed software to help organisations to protect themselves against cybercrime.
“Almost 15 years ago the International Network Working Group officially labelled Simple Mail Transfer Protocol – or email as you and I would call it – as ‘inherently insecure’,” says Chuck Swenberg, vice president of strategy at Red Sift. “The group said that anyone could impersonate a domain and use it to send fraudulent emails pretending to be the domain owner. And this is borne out in the scale and breadth of business email compromise (BEC) attacks we’re seeing.”
As a result, traditional Secure Email Gateways are no longer an effective means of business protection, and attackers have increasingly evolved their tactics for email impersonation and scams.
In order to reduce risk, businesses first need to change the way they view and understand email threats.
“Language is a big barrier in tackling cybersecurity – people like to tightly define or use new terms to talk about seemingly different problems even though they usually have the same underlying issue,” says Swenberg. “That being the fact that unsecured email is the chosen attack vector. All of the following are either cyberattacks carried out over email, or deployed via email: malware, ransomware, BEC, phishing, supply chain compromise and the newest kid on the block, lookalike and domain impersonation.”
Ultimately, if an organisation can secure its email and domains against impersonation, it can solve a lot of problems at once.
According to Swenberg, the essential defences that organisations should put in place to withstand daily attacks include secure cloud-based email hosting, a domain-based message authentication, reporting and conformance (DMARC) policy, two-factor authentication, password management, and spam detection and file scanning.
To extend threat protection, Red Sift also recommends brand indicators for message identification (BIMI) certification to display your verified logo on every email you send. It also advises spoof domain recognition, intrusion detection software, and security orchestration, automation and response (SOAR) system measures for advanced email security.
Red Sift is improving email security for companies. “We work seamlessly with Microsoft 365 to offer a purpose-built suite of cybersecurity solutions that work to block outbound phishing attacks, analyse the security of inbound communication for company-wide email threats, and monitor and take down lookalike or cousin domains,” says Swenberg. With this, organisations can continue to send and receive emails with confidence and protection.
This article was originally published in the Summer 2022 issue of Technology Record.