If you’re anything like me, you dread waking up every day and going to work to check your inbox. Countless emails from mailing lists with coupons, newsletters, and call-to-actions all pulling you in a hundred different directions.
We spend on-average almost 20 minutes a day checking our inbox during a standard 8-hour working day, adding up to almost 87 hours a year wasted pouring over stuff that we read. Even worse, the average email open rate for email is only 15-20%, meaning that this time is even more wasteful, given that there’s nearly no benefit to us to be doing this.
Let’s shift gears from time-wasted, to security risks involved. If we look at email as an attack vector, it is an incredibly effective, if not the-most effective tool that attackers will use to leverage control of a user account or system. According to the Verizon Data Breach Investigations Report (DBIR) 2019, 94% of all delivered malware was sent utilizing email as the main mechanism. That’s an absolutely terrifying statistic.
If you read further into this report, you’ll also discover that 32% of breaches involve some form of phishing for information, leading to users VOLUNTARILY giving attackers the information without them even knowing. From a personal standpoint, this is already very risky. If sent to a malicious link, you could be tricked into entering your username and password for your banking login into the wrong site by mistake if you are not careful.
To make matters worse, this is a flagrant problem in the business community. Even with Security Awareness training, email filters, and daily virus definition updates, there is always a human factor. Users will only be as secure as they want to be, which can make the job of managing an Information Technology Environment difficult.
In many cases, you will see this problem remediated using complex filtering engines that may do what appear to be simple things. For example, we utilize a product called ProofPoint in our office that will re-write all links in an email to redirect you through a threat scanning engine before delivering you to your destination. This adds an additional layer of protection that can help protect you, even if you fall victim and click that malicious link.
Even though email has been around for over 30 years, we still have yet to develop a perfect way to solve this problem. As of April 2020, the average daily email volume calculated by Cisco Talos Intelligence was about 377.84 Billion Emails. Out of that count, only 14.95% (63.34 Billion) emails were considered ‘legitimate’ emails that did not classify as a form of spam.
To combat this problem, you need to utilize a multi-faceted approach. By layering Security Awareness Training with a Strong Email Filtering Engine, and combing this with network-level security and endpoint security, you can protect the Mailbox, the Computer, the Network, and the User with to provide the best line of defense.
A good option for something like this is to hire a managed service provider to complete these tasks. Specializing in these services ourselves, we can help you develop strategies that can mitigate these risks, slim down your inboxes, and give time back to your users. With our systems standing in between you and the rest of the world, we can ensure that you only receive what you need, and we take care of the rest.
- 32% of Breaches
- Involve Phishing 85% of Emails
- Are considered ‘illegitimate’ 90% of Breaches
- Are caused by Human Error 70% Improvement
- Can be Achieved w/ Training