As important as Domain-based Message Authentication, Reporting & Conformance (DMARC) is to the fight against Business Email Compromise (BEC) and other advanced email threats, it's really just the first piece of the email security puzzle. And it certainly won't cut it alone.
Don't get me wrong. We've talked a lot about just how vital DMARC is to stopping email-based impersonation attacks. When properly implemented, this standard email authentication protocol ensures only authorized senders can use an organization's domain name for sending emails.
Without it, cybercrimals are free to spoof or hijack domains for use in phishing attacks targeting an organization's customers, partners, or other unsuspecting consumers and businesses.
But as imperative as it is, DMARC isn't enough on its own.
DMARC is Just the Beginning
Just look at the state of email security today.
Despite the wealth of new technologies and attack vectors at cybercriminals’ disposal, email phishing remains one of the most effective tools in the fraudster’s arsenal. Instead of slowing down, BEC scams are on the rise, accounting for more than $26 billion in losses since 2016, according to the FBI.
That’s why it’s imperative for companies in every vertical to have the most robust email security possible. DMARC is certainly part of that equation. But it's important to note that while DMARC protects an organization from being impersonated in email attacks, it does little if anything to defend against incoming phishing emails that impersonate outside individuals and organizations.
On that score, employee training plays an important role in helping to spot incoming phishing emails. But the sheer volume and velocity of new attacks mean education will only get you so far.
Technical security controls can help flag many suspicious emails, especially those that leverage malicious links or content. But cybercriminals have devised sophisticated approaches to ensure their fraudulent emails bypass those controls with troubling ease.
Needed: Advanced Threat Protection
In the face of these challenges, some organizations are finding they need to take a more modern approach to filling out the rest of the email security puzzle. Particularly promising: advanced threat protection solutions that leverage data science and threat intelligence to stop sham emails from ever reaching employees.
Because they model trusted, authenticated email behaviors between individuals and organizations, this kind of advanced threat protection has been shown to detect incoming email impersonation scams with high efficacy.
Yet even that may not be enough - no security solution is effective 100% of the time. That's where the next piece of the puzzle—an advanced incident response solution—comes into play.
The Importance of Automated Incident Response
According to the Incident Response Consortium, an incident response plan is crucial to fending off any cyberattack. While you do everything you can to prevent criminals from accessing your data, it’s how you respond to attacks that do successfully evade your defenses that can mean the difference between a minor problem or a costly disaster.
As it stands now, hackers spend an average of 200 days inside breached systems before they're discovered. Let that one sink in, and you’ll realize why incident response is of the utmost importance.
But it's crucial that automated incident response solutions employ continuous detection and response technologies that can detect latent threats post-delivery, and instantly recognize and remove emails that match the newly discovered threat indicators from all employee inboxes.
In deployments, these solutions have been shown to dramatically accelerate breach response times and prevent fraudsters from enjoying weeks or even months of unfettered access to valuable corporate data. As a result, security operations centers are able to work more efficiently. And organizations are better able to avoid what is now an average $8.19 million in breach-related losses.
All the Pieces Improve the Picture
The basic point here is that there is no single solution to ensure email security. Yes, DMARC is one important component. But successfully protecting your company from BEC scams, phishing attacks, and other advanced email threats takes a multi-pronged approach.
By implementing advanced email threat protection to keep the bad guys out, and an incident response solution to quickly deal with the few who do get through, a growing number of organizations are solving the email security puzzle.