Email Archiving and Encryption: Vital Components of a Digital Security Strategy


Thought Leadership

Email Archiving and Encryption: Vital Components of a Digital Security Strategy

David Bisson

Email attacks are one of the top digital threats organizations are facing in today’s world. According to Verizon Enterprise’s 2019 Data Breach Investigations Report (DBIR), nearly one-third (32%) of digital attacks begin with a phishing email. Phishing was also the top threat action variety evident in the data breaches analyzed by Verizon Enterprise.

Ongoing Organizational Challenges with Email Defenses

The statistics shared above highlight the importance of utilizing proper email defenses in an organization. Unfortunately, it’s not always easy for organizations to strengthen their email defenses. In the 2019 CISO Benchmark Study, for instance, 56% of respondents informed Cisco that they felt it was very or extremely challenging to defend against risky email security behaviors such as a user clicking on a malicious link. Even more than that (70%) told Cisco that email security was challenging in 2018, with respondents indicating that they had suffered significant operational and/or financial consequences as the result of a successful email attack.

This brings us to why organizations can’t afford to leave themselves vulnerable to an email attack. According to Avanan, a successful phishing attack costs an organization with $100 million in revenue about $7.2 million—approximately 10% of the organization’s annual revenue. Much of the associated cost is incurred during the recovery phase.

These costs arose from several different sources, not just the process of cleaning up the IT environment post-incident. Organizations must then commit resources towards rebuilding their reputation in the eyes of their current customers as well as their potential clients. That’s easier said than done. According to Deloitte, a third of customers said that they would stop doing business with an organization that had suffered a data breach—even if the organization hadn’t suffered any material loss. This finding agrees with one from Aviva that 60% of organizations consider moving their business elsewhere following a data breach and that 30% actually do.

Organizations also can’t forget about the noncompliance fines they’ll need to pay if regulators find them in violation of specific data protection standards to which they are bound based upon their industry, location or stored data.

The Evolution of Email-Based Attacks

Digital attackers aren’t making it easy for organizations to improve their email defenses, either. In December 2019, Microsoft revealed three notable phishing trends that its researchers spotted during the year:

  • Hijacked search results: One phishing page detected by Microsoft in 2019 incorporated links to Google search results that were poisoned. Those links pointed to an attacker-controlled page that redirected users to a phishing page.
  • Customized 404 Not Found pages: Digital attackers began using 404 pages crafted as phishing pages. Those pages gave malicious actors the ability to continuously craft malicious URLs for their campaigns.
  • Man-in-the-Middle components: In one campaign detected by the Redmond-based tech giant, phishers sent out emails with URLs that pointed to an attacker-controlled server. In response, the server produced a man-in-the-middle component that simulated a sign-in page used by Microsoft.

At the same time, ransomware actors are becoming increasingly more sophisticated with their follow-up attacks to a successful email compromise. In November 2019, the Maze ransomware group stole data from Allied Universal and published the data online when the company refused to pay the ransom. Other groups, including Nemty, Sodinokibi, BitPaymer and DoppelPaymer, have since followed suit.

How Organizations Can Strengthen their Email Defenses

Organizations can strengthen their email security defenses by investing in a solution that automatically archives all of their digital communications. This solution should also automatically classify these emails, helping them to streamline their assessment, investigation and management efforts regarding digital threats. By employing an effective archiving solution, organizational concern about the effects of ransomware are also diminished.

Additionally, organizations need to protect the content of those archived emails. They can do this by using policy filters to automatically scan and encrypt emails and attachments that contain sensitive information. That tool should also give IT personnel the ability to quarantine emails and then review them for potential policy violations.