Why you need layered email security to protect against advanced threats
Email remains one of the most crucial communication tools for organisations worldwide, but it is also a prime target for cyberattacks. According to Barracuda's Email Threats and Trends report, advanced email threats like business email compromise (BEC) and conversation hijacking are on the rise.
Growing threats from email-based attacks
In Australia, the latest Notifiable Data Breaches Report by the Office of the Australian Information Commissioner (OAIC) shows a sharp increase in cyberattacks targeting small and medium-sized businesses (SMBs). Many ransomware attacks start with an email, and ransomware, together with email-based threats like phishing, remains a major concern, particularly for sectors such as healthcare and education, which face resource and budget constraints that limit their cybersecurity efforts.
With Large Language Models (LLMs) becoming more widely accessible each year, along with Artificial Intelligence (AI) tools that can easily assist in impersonation or deploy keyloggers, infostealers, and remote access trojans, the threat landscape for email attacks is evolving rapidly. Data from Barracuda's report highlights that 10.6% of social engineering attacks now involve BEC, an increase over the last 3 years. Meanwhile, conversation hijacking, a tactic where attackers insert themselves into legitimate email threads to deceive recipients, has seen a 70% rise since 2022. More recently, attackers are exploiting users' familiarity with QR codes and URL shorteners to bypass traditional email filters. In fact, this time last year, 1 in 20 mailboxes experienced QR code-based attacks.
With email as the backbone of organisational communication, a layered approach to email security is vital to safeguard business continuity and sensitive data.
Benefits of a multi-faceted approach
Layered email security refers to an integrated approach that leverages multiple tools and techniques to combat the growing complexity of email-based attacks. Effective security now relies on a combination of traditional filtering mechanisms and advanced AI-driven detection. Here's how the different layers of protection come into play:
Layer 1: Spam and malware filters
These serve as the first line of defence, blocking low-level threats like spam and basic phishing attempts. Spam makes up a significant portion of overall email traffic, and by using filters to stop the majority of such common inbound threats, organisations can ensure more sophisticated attacks stand out and can be more easily detected.
Layer 2: Advanced AI-based threat detection
Advanced AI systems detect more complex threats that traditional filters might miss, such as spear-phishing and BEC. With attackers increasingly using AI to fine-tune their methods, organisations must also rely on AI to defend against evolving threats.
Layer 3: Behavioural monitoring systems
While not common, conversation hijacking is often the result of an account takeover where attackers have compromised login credentials to carry out fraudulent activities. Behavioural monitoring systems have become a key part of multi-layered security because they can identify unusual activity within internal and external conversations between employees, partners, and customers.
Layer 4: Multi-factor authentication (MFA)
MFA adds an extra layer of security, ensuring that even if credentials are stolen, unauthorised access is still blocked. This reduces the risk of account takeover significantly. When organisations adopt Zero Trust frameworks, sensitive data is secured, and the additional access control means that compromised credentials alone are insufficient for attackers to infiltrate systems.
Layer 5: User education and awareness
Employees are an additional line of defence in the cybersecurity chain. Regular training can prevent users from falling victim to phishing attacks, and their reporting of suspicious emails helps to train the AI detection tools to stop future attempts. As part of their ongoing education, businesses should conduct regular phishing tests and update employees on the latest social engineering tactics to uphold a strong security posture.
In today's rapidly changing threat landscape, a multi-layered email security strategy is no longer optional; it's essential. Australian businesses, especially SMBs, need to assess their current defences and consider upgrading to a comprehensive solution that combines advanced detection techniques, user education, and robust authentication measures. As attacks become more sophisticated, email security must adapt accordingly so organisations remain protected against the evolving threat landscape. A layered approach is the most effective way to prevent costly email attacks and preserve business continuity.