Everyone gets their email filtered; otherwise inboxes would be totally unmanageable. Indeed, about 70% of worldwide traffic is well-known spam that is easily detected and automatically removed, even before users notice.

However, email was still the first distribution method of ransomware in 2021, with millions of organisations having suddenly seen their data hijacked and held for ransom.

Different anti-spam filters can be installed at different levels of IT systems, but what should you really look for in an anti-spam solution for it to be effective in today's ever-evolving email security landscape?

One email is enough to jeopardise your entire company’s future. In this article, we will talk about email security strategies and what to look for in an anti-spam filter in 2022!


Define your anti-spam strategy

Before evaluating your current anti-spam filter, or choosing one, it is important to keep the following in mind:

YOU are responsible for your emails, no one else!

Even when your Internet Service Provider, email server, firewall and antivirus offer some email filtering components, even when all your email services are in the Cloud, you are still 100% responsible for your data and your emails’ security.

Train employees... but don’t rely on them!

In 2020, 30% of ransomware was executed because of an employee's "wrong click" in a phishing email, yet only 31% of employees were trained on email threats and ransomware in 2021!

Education is very important, but your IT security strategy should not rely on it!

80% of malicious email attachments were PDF, PNG and JPG in 2021

Malicious email attachments in 2021
(source: Tessian)

Effectiveness vs. efficiency


Receiving less spam than in the past does not mean that you are safe, nor that your anti-spam filter is effective!

You only need 1 bad email to jeopardise your entire network and entire company, so do not compromise on your email security budget: it is more important to stop email attacks and phishing emails, and to prevent users from clicking on any wrong email link, than to save a few euros on anti-spam filters.

Spam types are evolving faster today than in the past, and ransomware as a service is forecast to grow in 2022.


How to choose an anti-spam filter?

1. Filter email attachments and body URLs

In 2021, content filtering based on keywords is no longer enough! Your anti-spam filter must scan all attached files and hyperlinks in all emails.

Note that the Microsoft 365 Business Basic and Standard packages and Google Workspace Basic DO NOT offer this service. You need to take their Advanced Premium package to benefit from the email attachment filtering option.

2. Multi-layered!

Phishing emails are more and more personalised, and social engineering (or business email compromise) is going to increase in the coming years as cybercriminals know how to get around most security filters. The more complex or personalised attacks become, the more effective your anti-spam filters need to be.

The first rule of IT security has always been not to put all your eggs in one basket. Go back to this basic multi-layer IT security rule and multiply your email filtering layers.

Our Email Security Cloud service has 15 types of filters, from IP reputation to content analysis and Advanced Email filtering, and, maybe more importantly, it doesn’t rely on one major antivirus but on 5 of them plus its own business intelligence. We can even detect when a cybercriminal has hacked a computer and is using that machine to send targeted spear-phishing emails!

How it works: we give each email a score. Every time the email has a problem with one of our filters, its score increases, and once the score reaches our threshold the email is not allowed to pass through. If the score is not too bad, the email may go to quarantine instead.
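The scoring model described above, applied to the attachment and hyperlink checks from point 1, as an added example that is not the vendor's code. The three layers, their weights and both thresholds are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed weights and thresholds for illustration; not any vendor's real values.
QUARANTINE_AT, REJECT_AT = 5, 10
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".docm", ".xlsm")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

# Constructed sample message: failed SPF plus a link whose text hides its target.
SAMPLE = """\
From: "Billing" <billing@example.com>
Authentication-Results: mx.example.net; spf=fail; dkim=none
Content-Type: text/html

<a href="http://login.example.org/reset">www.example.com</a>
"""

def check_auth(msg):
    # Layer 1: SPF/DKIM verdicts recorded by the receiving mail server.
    results = (msg.get("Authentication-Results") or "").lower()
    return sum(4 for mech in ("spf", "dkim") if f"{mech}=fail" in results)

def check_attachments(msg):
    # Layer 2: risky file types; a double extension (invoice.pdf.exe) scores higher.
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    return sum(6 if n.count(".") > 1 else 4 for n in names if n.endswith(RISKY_EXT))

def check_links(msg):
    # Layer 3: the visible link text names one host, the href points to another.
    score = 0
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in ANCHOR.findall(html):
            shown = DOMAIN.search(text.lower())
            host = (urlparse(href).hostname or "").lower()
            if shown and host and shown.group(0) != host:
                score += 5
    return score

def verdict(raw):
    # Every failed layer adds to one total; the total decides the outcome.
    msg = message_from_string(raw)
    total = check_auth(msg) + check_attachments(msg) + check_links(msg)
    if total >= REJECT_AT:
        return total, "reject"
    return total, "quarantine" if total >= QUARANTINE_AT else "deliver"
```

`verdict(SAMPLE)` returns `(9, "quarantine")`: no single layer reaches the reject threshold, but the two failures together are enough to hold the message. The `Authentication-Results` header is only trustworthy when it was added by your own receiving server.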

3. The importance of anti-spam filter updates

Ransomware attacks are less frequent in 2021 than 10 years ago. However, they are more effective because they are trickier with smart phishing emails using social engineering.

Only paid anti-spam solutions are effective against the latest generation of attacks via email. Our Email Security Service is updated every hour, unless one of our filtering engines detects a zero-day threat, in which case an update is sent to all clients immediately.

4. Sandboxing: la crème de la crème

Sandboxing is an expensive option, but it can catch what every other solution has missed, by opening unfiltered emails, their attachments and the URLs they contain on a safe machine kept apart from the network in order to check their content thoroughly. Sandboxing is also an option available in Savernova services.

5. What should happen with suspicious emails?

Companies such as Google automatically remove hyperlinks from emails they believe contain phishing attempts, with no possibility to check them yourself, nor to retrieve the information (should it not be malicious).

With Microsoft, it is a slightly different story. It simply deletes those emails, without even informing you.

What about a third option? Our Cloud Email Security Gateway keeps in quarantine all emails that are suspicious because they fail to pass one or several of our filters, without being totally threatening emails. Quarantined items can be released by IT administrators (or an IT partner), or the service can be configured so that each user is informed when suspicious emails are in quarantine, with the option to release them. Even better, administrators can entirely personalise the quarantine and any other filter! Contact us for further information.


Facts every company should know for 2022

  • Email is the most common distribution method of ransomware.
  • Ransomware-as-a-service is forecast to grow in 2022. RaaS kits are sold for as little as $50; anyone can buy one and attack users all over the world.
  • 37 % of all businesses and organizations were hit by ransomware in 2021.
  • The number of organizations that have been impacted by ransomware has more than doubled since last year.
  • Average ransom request for very small companies was: $5,900.
  • Biggest paid ransom: $40 million, paid by an insurance company on behalf of its client.
  • 54% of ransomware attacks were successful. Only 39% of them were intercepted on the network before they could encrypt any data.
  • Smaller businesses often have adequate protection. As businesses increase in size, phishing emails become the most effective method of attack.


Conclusion

It only takes one click to compromise an entire network and company.

The SMTP email protocol is old and weak, and cybercriminals know how to take advantage of it. Their ever-changing tactics, the increase in remote working and personalised phishing emails wreak havoc... and so do ransom incomes and email fraud!

When was the last time you reviewed your anti-spam filter strategy?