Cybercriminal tactics evolve over the years. There are, however, some techniques that are so effective that they never go out of style. One of the most important attack vectors is email. Attacks that use this vector rely on the weakest point in an organization’s cybersecurity chain—employees—to steal data or install and spread malware.

And there are figures to back this up. Barracuda Networks has just published the latest edition of its annual study Email Security Trends, which analyzes the trends in cyberattacks on all kinds of companies and institutions. The report highlights one revealing fact: although professionals are increasingly confident with regard to email security, cyberattacks show no sign of letting up.

Thus, while 63% of those surveyed feel their organization’s data and systems are more secure than they were a year ago, 85% of companies based in the US are affected by email-based security threats. In short, there is still a long way to go. In fact, the Email Security Trends report affirms that, given the rate at which this kind of threat is increasing, IT security could face serious risks.

Spear phishing, the greatest threat

Phishing is the most common of all email-based threats. What’s more, just 9% of professionals trust their email security systems to detect these kinds of emails before they reach their inboxes. 43% recognize that their computers have been infected with malware due to an attack of this kind.

Within this trend, there is an especially dangerous subcategory: spear phishing. Whereas regular phishing sends out mass emails pretending to be from some trustworthy institution (the receiver’s bank, their insurance company…), spear phishing goes one step further. These attacks are more focused, and target just one person or the core of their organization. The cybercriminal usually knows the victim, and knows, for example, where they work. This means that the email they receive will impersonate someone they trust—usually their boss. Once opened, the email may contain an attachment infected with malware or, worse still, a request or a link to a website. In these cases of fileless malware, the website the victim is redirected to will gather data from the employee in order to steal information, or will otherwise install malware on their computer without their realizing.

Cases of fileless malware are particularly dangerous, since the lack of an attachment means that they can slip past email security systems, as well as the cybersecurity solutions on the computer in question. As a result, they can easily get around filters and, by the time the infection has taken hold, it may already be too late.
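The following Python example, added here and not taken from the article or the Barracuda report, flags the pattern described above: a message whose sender display name matches a trusted colleague but whose address is outside the organization, and which carries a link with no attachment. The organization domain, the trusted display name, the signal labels and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organization's
# mail domain and the display names an attacker is likely to impersonate.
ORG_DOMAIN = "example.com"
TRUSTED_NAMES = {"alice director"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def spear_phish_signals(raw: str) -> list[str]:
    """Return heuristic signals for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    # A trusted name on an address outside the organization is the
    # impersonation step: the display name is what the recipient sees.
    impersonation = name.strip().lower() in TRUSTED_NAMES and domain != ORG_DOMAIN
    if impersonation:
        signals.append("trusted-name-external-domain")
    has_attachment, text = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            has_attachment = True
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            text.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
    # No attachment for a file scanner to inspect, only a link to follow.
    if impersonation and not has_attachment and URL_RE.search("\n".join(text)):
        signals.append("link-only-lure")
    return signals

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: "Alice Director" <alice.director@example-mail.test>
To: bob@example.com
Subject: Urgent: review today
Content-Type: text/plain; charset="utf-8"

Please sign in and approve the invoice: https://portal.example-mail.test/login
"""
LEGIT = SUSPICIOUS.replace("example-mail.test", "example.com")

if __name__ == "__main__":
    print(spear_phish_signals(SUSPICIOUS))
    print(spear_phish_signals(LEGIT))
```

Signals like these are a triage input for an analyst or a scoring model, not a verdict, since a colleague writing from a personal account would trigger the same rule.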

How to tackle spear phishing

To deal with the hidden cybercrime that spear phishing can lead to, the Barracuda Networks report mentions two essential technologies for this battle: artificial intelligence and machine learning. The report bases this on an irrefutable fact: there are places that human labor cannot easily get to, but that artificial intelligence can. A well-trained machine learning algorithm will be able to update and improve the processes that detect threats in email. Besides this, another vital measure will be threat hunting, where automated solutions search for possible suspicious patterns while advanced cybersecurity professionals work on larger threats. This way, tasks are shared and prioritized in order to make them much more efficient.

In order for all of this to work, companies must be able to analyze everything that is occurring on their network in real time. So, while threats are always present, granular visibility and intelligent prediction will help to detect anomalous behaviors in order to stop them before they can go any further. In short, the aim is to reverse email-based cyberattack statistics and, more specifically, those related to spear phishing.

To achieve this goal, analysis, real-time monitoring, and the capacity to respond to any threat are all essential. Visibility and prediction are two of the axioms of Cytomic Platform, our cloud platform where artificial intelligence algorithms are used to process large volumes of data, attributes, events, and threat intelligence. All of this is supervised by cybersecurity experts.

This data analytics allows us to offer highly efficient levels of service in order to expand and accelerate the reduction of the attack surface, as well as the prevention, detection and response to any kind of cyberattack, be it with known or unknown malware, ransomware, APTs, or Living-off-the-Land techniques.