Email Security: The Evolution from the Late 1990’s to Present Day

When email went mainstream, inboxes have been under a constant barrage of unwanted messages containing phony ads, viruses and fraudulent links all sent by hackers and spammers. Each time security vendors and internet service providers (ISPs) create new techniques and tools to eliminate and/or reduce the threat the same charlatans have found other ways to get around the updated defense system. This is still true today, from the time of spam moderation (early 2000s) to the protection challenges of business email compromise (BES) of today

Now that email has become a critical and predominate business communications channel, the threats have grown to match; 9 out of 10 cyberattacks consistently begin with phishing emails. Consequently, email security is now an ever-evolving practice. More than half of the 235+ billion emails per day that are sent around the globe are between businesses according to Radicati Group. Nearly a quarter of the 90+ emails an average business email user receives is spam.

Champion has partnered with IRONSCALES, who is pioneering the use of artificial intelligence, machine learning and big data in lieu of the more generalized email security solutions that deploy threat detection technology using rules and signature-based filters. Years ago they recognized that a combination of machine intelligence and security awareness training to work as one unit to fight advanced phishing threats, not in silos.

This recognition and attention to details in this ever evolving threat landscape of email phishing threats is how IRONSCALES advanced into a high-growth-stage security leader in only a couple of years. As IRONSCALES keeps pressing forward with new advancements in their anti-phishing technologies and solutions, the timeline below details how the company achieved their great success.

Generation 1 (Late 1990s through 2012): Filtering Out Spam & Viruses

Once email became popular in the 1990’s, individuals could send and receive messages with little verification or accountability and even fewer security standards. Now, inboxes are bombarded with spam. Fake brand ads and registered domain names that are strikingly similar to legitimate household branded companies also started appearing as scammers and hackers adapt to current technology.

At the time, security providers and ISP’s saw unwanted emails are more of a nuisance than threat. That all changed in 1996 when AOL started using the term “phishing” to warm about hackers creating phony AOL accounts to coerce sensitive information from unwary victims. These attacks were frequent and varied as hackers tried and tested new strategies which made the environment feel akin to the Wild West.

As a result, ISP’s began implementing filters for special patterns and keywords that were prevalent in the irrelevant emails that cluttered customers inboxes. The primary strategy at that point was to send obvious spam mails to the filter, thus reducing the risk that users would fall for the scam or respond to the email. In 2009, Sender Policy Framework (SPF) also started to have an uptick in adoption, with Domain Keys Identified Mail (DKIM) for email authentication following close behind.

Symantec estimated that by 2010, 88 percent of email traffic worldwide was fraudulent. Next generation email filters put users ins greater control of their mailboxes with more sophisticated filtering features like black and white lists using basic attach signature detection capabilities. By tapping into engagement metrics to determine which emails users wanted to receive, ISPs enabled their customers to more effectively block or divert spam/scam messages.

Within a year of its deployment in 2012, Domain-based Message Authentication, Reporting and Conformance (DMARC) was protecting 60 percent of the worlds mailboxes. On the flipside, by the end of that same year, phishing attacks had grown from 176 unique attacks in all of 2004 to 28,000 alone in December of 2012; this also included over 500 million dollars in damages from these attacks.

Generation 2 (2012 – 2016): Phishers Bait Emails Using Links & Attachments

Spear-phishing attacks prompted the second generation of email security. These fraudulent campaigns deployed emails that were laden with links and attachments meant to trick recipients into inadvertently installing malicious code from downloaded content.

Spam filters at the time were no match for such an advanced phishing technique, so SEGs (secure email gateways) that featured AV scanners, threat emulation and sandboxing solutions for real-time detection of malicious attachments and links began gaining popularity. Employers also started training their staff to better identify phony requests and emails around this time. The awareness training was a heavy investment to turn their staff into internet security detectives.

More awareness came with a cost however. SOC (security operations center) teams were increasingly bogged down with false positives. In fact, the sheer volume of incidents overwhelmed these teams, who spent too much time delving in piles of reports instead of catching the dangerous threats that slipped through the cracks, resulting in a longer remediation process.

By the end of 2016, organizations were paying approximately $1.5 million for each spear phishing incident, as SOC teams could only fix up to 8 incidents per day.

Generation 3 (2017 – Present): Business Email Compromise & Ransomware Heighten Risk

The response from cyber criminals regarding increased SEG technology and employee awareness was for them to employ new BEC strategies that were bereft of links or files; thus, making it very problematic for both humans and SEGs to identify. With each successful attack, hackers gain control of a superior or co-worker’s email and then target others in the company to lobby for sensitive information to execute fraudulent transfers. These challengers also started sending more time researching and building specifically-targeted spear-phishing attacks delivering ransomware; hitting an estimated 56 percent of worldwide businesses in 2017.

Currently, for email compromise protection to support businesses, there is an emerging third generation of email security where machines and humans work together 24/7 to detect, respond to, and prevent advanced phishing threats. IRONSCALES is the pioneer of this generation, and as such has organized a bottom up method for email security; using deep scans and machine learning algorithms to differentiate between normal and trusted email communications and spam. Even the most sophisticated phishing attacks – BEC and ransomware that evades both gateway security and humans – can now be stopped post email delivery due to the mailbox visibility. Now the burden and risk has been lifted from the SOC teams by automating and orchestrating productivity and supporting decisions.

Request a Demo

Learn more about IRONSCALES email phishing solution and request a demo today!

https://ironscales.messageops.com/

 

PREV

Top 10 Features & Benefits of Disaster Recovery as a Service (DRaaS)

NEXT

Will the Un-Hackable Typewriter Gain Market Share in 2019?

WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career of Software Development in Cuba at the National Cancer Care Institute of Cuba, followed by moving to the States with allAware.

 

Champion acquired allAware and its properties and Erick has utilized his extensive background and expertise in IT and Software Development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.

 

Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!

 

As President and CEO, Chris is responsible for the development of key strategic alliances and solution portfolio. He leads Champion’s go-to market and execution strategies for integrated offerings in the cloud, in security, and in digital infrastructure, always focusing on improving the customer experience and driving transformative business outcomes.

 

He also aligns key partner initiatives with company strategy and oversees corporate marketing and messaging to gain mindshare with customers and partners. It’s his vision and innovativeness that have catapulted Champion up the ranks to become a $100M+ organization—and one of the most respected solution providers in the industry.

 

Over the past two decades, Chris has also focused on mergers and acquisitions, as well as innovative product development. He is the original founder and an active member on the Board of Managed Maintenance, Inc., a SAAS provider and consulting firm that utilizes their award-winning One-View Portal to help the IT Channel and its customers manage their IT Maintenance.

 

Chris is also the original founder and chief strategist behind one of the original storage cloud providers, Storage Access / BluePoint. During the course of a few short years, he had raised $20M and took that company public on the Toronto Stock Exchange. It has since been acquired by Pomeroy.

 

In 2012, Chris led the acquisition of MessageOps and continued the product development and worldwide launch of its premier SAAS, 365 Command. Built on Microsoft Azure, 365 Command is currently managing over 1 million seats of Microsoft’s Office 365. After achieving this phenomenal milestone, 365 Command and other MessageOps O365 utilities were sold to Kaseya.

 

Over the past 35 years, Chris as worked tirelessly to not only advance his own career, but those of his employees. In addition to leading a $100M organization, Chris can also be found sitting with sales teams, cold calling and coaching, and validating why Champion has been listed on Best Places to Work by both South Florida Business Journal and Computerworld.

Ultimately, the success garnered by Champion Solutions Group, its associated companies, and their employees is due in large part to the leadership of its President and CEO. Perhaps the most fitting award Chris has earned is South Florida Business Journal’s 2013 Ultimate CEO Award.