Today, most IT professionals understand that it’s impossible to stop every attack. That’s led to a more nuanced understanding of diagnosing and mitigating attacks at points inside and outside an organization’s security defenses.
Email is no different. Roughly 306.4 billion emails are sent each day, and an average of 126 corporate emails land in the inbox of any single user. There’s no way to catch every phishing attempt before it enters your users’ inboxes.
In analyzing billions of emails, the GreatHorn Threat Intelligence Team found that 0.1% are definitively malicious. These are easy to filter out. Another 0.8% are statistically anomalous: they’re potentially malicious. However, quarantining all of them would also catch legitimate messages, which would be inefficient. No matter how good your filters are, this 0.8% of email is somewhere in your system, representing a risk that a phishing attack will succeed.
It’s helpful to think of this risk in terms of the phases of an email attack. This allows your security team to focus on the risks present at each phase, and how best to mitigate those risks.
Risk exists in your email systems at each of these phases of a phishing attack, from email’s native vulnerabilities that make it an attractive medium for cybercriminals, to the malicious messages sitting in user inboxes right now, waiting for an unsuspecting user to open them and take an action.
The GreatHorn Threat Intelligence Team has aggregated data from a broad array of organizations to help you quantify the risk across the categories seen within email environments. Visibility into your organization’s risk exposure is important. Not all risks are equal, which is why we advocate a layered approach to match your organization’s risk profile.
We want to help you understand the risks your organization is facing in order to develop a comprehensive email security plan. To quantify your organization’s email risk profile, use GreatHorn’s Email Risk Calculator.