Q&A – the 2020 email threat landscape in Australia and New Zealand. With Thom Hooker.
In May we completed an in depth analysis of the millions of inboxes and billions of emails we filter for our 1000+ clients across Australia and New Zealand. We spoke to email evangelist and SMX co-founder Thom Hooker about what the results show and what they mean for business across the two countries.
Q: We see in the report that spam is 85% of all email volume, is it the threat it was?
A: Spam still is out there but it's not the threat that it was. Basically, two things have changed, I guess over the last few years that have affected spam attacks. One would be that our technology has changed an awful lot and we're now able to detect spam a lot better than we were. And the bad actors have changed tack a little bit and they're now creating targeted attacks, specifically targeting organisations. And in general, a lot of those attacks are ending up on 365 generally, because it's such a popular platform.
Q: Can you give us a quick breakdown of the current threat environment?
A: So the area that's currently under threat in this part of the world is commonly known as business email compromised, and that's generally a social engineering attack over email. It generally starts out with someone external to the organisation pretending to be someone within the organisation and they are spoofing or stealing a person's identity. Generally with the aim of either changing bank account details or sending some funds outside of the organisation to an external destination.
Q: Who are these threats generally affecting?
A: So generally these business email compromised attacks are targeting senior or mid level staff within an organisation that are involved in financial authorisation workflow processes. Once they have a legitimate conversation with one of those staff members engaged, they will then seek to open up that conversation and ultimately either get something like bank details changed or send funds externally outside the organisation to the nominated bank account.
Q: Other than a robust email filtering system, what tools or tactics do you recommend organisations employ to better protect themselves?
A: So firstly training's a really important key to help defend against these kind of attacks; training staff to learn what a bad email looks like and to avoid opening them. Secondly, deploying multi-layered technology defences against these types of attacks is really important too. Technology is now able to automatically detect a large number of these sorts of attacks. Thirdly, deploying custom rules that are specific to your organisation's needs around the DLP, whitelisting and blacklisting type scenarios. Finally, probably the most important tool at the moment is deploying DMARC which really helps defend against business email compromised attacks.