Is user awareness the replacement for technical protections?
First of all, let’s take a look at what all comes in via email.
First of all we have spam or unwanted emails. These contain a form of advertising and can often be disruptive, but are otherwise harmless. This forms the largest group of incoming unwanted emails.
The next category is messages containing a virus or malicious code. For example, the attachment contains a Trojan horse or a just-generated ransomware. On- and offline techniques will recognize and block these. The frequency of such attacks is getting smaller by the day.
These groups of email messages are generally removed by so-called “anti-spam” systems even before they arrive in your mailbox.
It gets more difficult when the hacker starts fishing. Whether it is general “phishing” or targeted “spear-phishing”, it is not obvious for a computer system to distinguish these mails – which do not have an attachment – from mail with a legitimate request. For this, AI systems are used that compare historical information to recognize found patterns in new mails.
The possibilities for a hacker to fool the user are therefore numerous. They can play on your personal interests or try to lure you to fake web pages where you have to log in to know your password.
It only becomes really difficult to recognize an attack when the mail actually leaves the legitimate sender’s mailbox. For example, if a supplier has fallen into the trap, then a seemingly genuine e-mail may be sent from there asking you to pay all invoices to a new account number from now on. This “account takeover” can also be recognized by AI systems.
(Spear) phishing is the largest growing group among unwanted emails. The hackers are also becoming more inventive and professional. It is therefore not surprising that such an email occasionally slips through the cracks. That is why User Awareness trainings are indispensable and form the last link in your email security story.
Because not everyone is equally strong in this, users can help each other by reporting the mails, after which they can be removed from the mailboxes of the other users.
Then back to the original question. If we did not use all these technologies, we would be inundated with unwanted mails of all kinds. Even just the phishing mails are a nuisance in terms of quantity. After all, each user has to do individual analysis. The chance of clicking a little too quickly on a down day with little time also increases when the number of phishing mails increases.
So a good combination is the message.
Moreover, there is more than just email security. You can also just surf to a wrong website, blindly pay a paper bill, or respond to a phone or text message. Again, the combination of technology and user awareness training.
Barracuda offers complete protection of your Microsoft 365 environment with their various Email Protection Plans. Divided into different action domains, Barracuda combats hackers with Anti-Spam and Advanced Malware protection, AI technology to recognize Phishing messages, protection against “account takeover” and other forms of “impersonation”, automatic or non-automatic withdrawal of phishing emails and all the tools needed to quickly analyze a reported incident, archive mailboxes and secure the entire Microsoft 365 environment with cloud-to-cloud backup. Everything is managed from one central platform.
Download the e-book around 13 types of email threats.