Complete Guide to Email Security Measures: A Thorough Explanation of the Latest Threats and Essential Countermeasures

Email forms the backbone of business communication. Despite its convenience, it is also one of the most effective entry points for cyber attackers trying to infiltrate corporate networks.

Attackers use emails in many ways: targeted attack emails that try to trick recipients into opening attachments with cleverly written messages, Business Email Compromise (BEC) schemes where attackers impersonate executives to instruct fraudulent transfers, and more. Just a single email can trigger a major security incident that threatens the very survival of a company.

This article explains why email security is so crucial today, the latest threats behind this trend, and provides a comprehensive overview of the concrete measures companies should take.

1. Why Email Security Matters Right Now

Email is taken for granted as a business tool, and it is precisely in this “taken for granted” nature that danger lies.

Targeted Because It Is Essential to Business

Even today, with the spread of phone and chat tools, email is still widely used for formal communication with external parties and for sending and receiving important documents such as quotations and invoices. Attackers are fully aware of this characteristic—everyone uses it and it is not easily suspected—and are persistently targeting email as a main entry point for cyberattacks.

Increasingly Sophisticated Email-Based Cyberattacks

In the past, many people could spot spam emails due to awkward language or obviously suspicious subject lines. However, recent attack emails often pretend to be part of an existing conversation with a real business partner, or use cleverly crafted subject lines related to work, making them extremely difficult to distinguish at just a glance. Measures that rely solely on employee vigilance have already reached their limits.

2. Representative Threats Hidden in Email

What specific threats are companies facing?

| Type of Threat | Overview of Method | Main Damage |
| --- | --- | --- |
| Phishing scam emails | Sent to large numbers of recipients, directing them to fake websites in order to steal their IDs and passwords. | Account takeover, unauthorized use |
| Targeted attack emails | Focus on specific organizations and, by elaborately posing as work-related content, aim to steal IDs and passwords for business tools that hold confidential information. | Theft of confidential information, ransomware |
| Malware infection emails | Phishing scam emails or targeted attack emails that include attachments containing malware, or URLs in the body that lure recipients into downloading malware. | PC hijacking, data leakage |
| Business Email Compromise (BEC) | Impersonating executives or business partners to send fake payment instructions. | Financial loss due to fraudulent transfers |

Targeted Attack Emails

These attacks select specific companies or organizations as targets. After researching the target's business activities and staff names in advance, attackers use highly convincing email text to steal credentials or infect victims with malware (such as Emotet). Some methods disguise the email as a reply to a legitimate email from a business partner, making it extremely difficult to identify.

Business Email Compromise (BEC)

This is a scam in which attackers impersonate senior management, accounting staff, or business partners and send fake instructions by email such as “Please urgently transfer funds to this account,” in order to steal money. Because they use sophisticated psychological tricks, many companies have fallen victim.

Malware and Ransomware Infections

These are emails designed to infect recipients with malicious software (malware). Infection occurs when a recipient opens an attachment or clicks a URL in the message body. In recent years, they have frequently been used as an infection vector for ransomware, which encrypts the victim’s data and demands a ransom.

Phishing Scams

This method involves sending fake emails pretending to be from banks, e-commerce sites, or government agencies, directing users to a fake website (phishing site) that closely resembles a real one, and stealing login IDs, passwords, credit card information, and more by prompting users to enter their data.

Information Leakage via PPAP

PPAP is a practice long used in Japanese companies where a password-protected ZIP file is sent by email and the password is sent in a separate email. It has been pointed out that this method is vulnerable to email eavesdropping and offers little real security benefit, and the Japanese government has discontinued its use.

3. Email Security Measures Companies Should Implement

To counter these diverse threats, it is essential to adopt a “defense-in-depth” approach that combines multiple countermeasures.

【Inbound Measures】Keeping Malicious Emails Out of the Organization

The basic starting point is inbound measures that prevent dangerous emails from ever reaching employees’ inboxes. Spam filters and antivirus functions are used to block known threats.

【Outbound Measures】Preventing Information Leakage

Outbound measures are designed to prevent employees—whether unintentionally or maliciously—from sending emails containing confidential information outside the company. Systems that automatically check recipients, message content, and attachments, and temporarily hold or block emails that violate rules, are effective.

【Employee Training】Raising Security Awareness

No matter how advanced a system you introduce, it is ultimately a human who opens the email. Continuous training to raise all employees’ security literacy—such as how to identify suspicious emails and how to report incidents—is one of the most important countermeasures.

【Authentication Technologies】Countering Spoofed Emails

By implementing sender domain authentication technologies (SPF, DKIM, DMARC) that prove the sending domain is legitimate, it becomes easier for the receiving side to block spoofed emails that pretend to be from business partners or other trusted senders.
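How a receiving gateway can use these results to decide whether the visible From: address was actually authenticated, shown as an added example that is not part of the original article. It assumes the gateway's own mail server stamps an Authentication-Results header under the hypothetical name mx.example.net, applies strict alignment (the authenticated domain must equal the From: domain), and uses constructed messages and domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; every domain and the authserv-id are illustrative.
SPOOFED = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=bounce@bulk-sender.example;\n"
    " dkim=pass header.d=bulk-sender.example\n"
    "Authentication-Results: mx.attacker.example; dkim=pass header.d=partner.example\n"
    'From: "Accounts Payable" <ap@partner.example>\n'
    "Subject: Updated bank details\n\nPlease use the new account.\n"
)
LEGIT = (
    "Authentication-Results: mx.example.net;\n"
    " spf=fail smtp.mailfrom=partner.example;\n"
    " dkim=pass (2048-bit key) header.d=partner.example\n"
    "From: ap@partner.example\nSubject: Invoice\n\nAttached.\n"
)

def aligned_auth(raw, trusted_authserv="mx.example.net"):
    """Return 'pass' if a passing SPF or DKIM result matches the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not from_domain:
        return "fail"
    for header in msg.get_all("Authentication-Results", []):
        clauses = header.split(";")
        # Only trust results stamped by our own gateway; senders can add their own.
        if clauses[0].strip().lower() != trusted_authserv:
            continue
        for clause in clauses[1:]:
            method = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not method or method.group(2) != "pass":
                continue
            prop = "smtp.mailfrom" if method.group(1) == "spf" else "header.d"
            found = re.search(re.escape(prop) + r"=(\S+)", clause)
            # Strict alignment: the authenticated domain must equal the From: domain.
            if found and found.group(1).rpartition("@")[2].lower() == from_domain:
                return "pass"
    return "fail"
```

The spoofed sample passes SPF and DKIM for the sender's own infrastructure, yet fails here because neither authenticated domain matches the domain shown in From:, which is the gap DMARC alignment closes.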

【Detection and Lateral Movement Countermeasures】Quickly Detect and Prevent Spread

This refers to detecting malware or unauthorized processes that have already infiltrated the environment and preventing the damage from spreading. To achieve this, log collection and continuous monitoring are crucial measures.

4. Concrete Email Security Solutions

Below are specific technologies and services that implement these measures.

Spam Filters and Antivirus

These are basic solutions that inspect emails before they reach the mail server and quarantine or block spam and emails that have known viruses attached.

Sandboxing

This technology executes attachments or URLs from received emails in a safe, isolated virtual environment (sandbox) separate from the internal network and analyzes their behavior. It can detect and block even unknown malware by identifying dangerous actions.

Targeted Attack Email Training Services

These services send training emails that closely resemble real attack emails to employees and test who opens them. They allow employees to experience realistic threats and enable organizations to objectively measure their level of security awareness.

EDR and XDR Services

EDR protects endpoints, while XDR also protects network and other communication devices.
By subscribing to a managed service, you can maintain 24/7 security measures even outside your IT department’s working hours.

Email Sanitization

These solutions automatically delete attachments from received emails or convert HTML emails into plain text, forcibly removing potential risks hidden in emails.
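A sketch of both sanitization steps using only the Python standard library, added here as an example and not taken from any product the article describes. The function names and the sample message (addresses, link, and attachment name) are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Collect visible text, dropping tags, attributes, scripts and styles."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def sanitize(raw):
    """Return (plain-text-only message, names of removed attachments)."""
    src = message_from_string(raw, policy=policy.default)
    body = src.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        parser = _TextOnly()
        parser.feed(text)
        parser.close()
        text = " ".join("".join(parser.parts).split())
    removed = [p.get_filename() or p.get_content_type() for p in src.iter_attachments()]
    clean = EmailMessage()  # rebuilt from scratch so no original part survives
    for name in ("From", "To", "Subject", "Date"):
        if src[name]:
            clean[name] = str(src[name])
    clean.set_content(text)
    return clean, removed

def constructed_sample():
    """Build a constructed HTML mail with a macro-enabled attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@partner.example", "user@corp.example"
    m["Subject"] = "Invoice"
    m.set_content('<p>See <a href="http://login.example.invalid/">the invoice</a>.'
                  "</p><script>track()</script>", subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.xlsm")
    return m.as_string()
```

Because the output keeps only the link text and not its target, the list of removed attachments is worth logging so a recipient can request the original through a controlled channel.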

Email Data Loss Prevention Systems

When sending an email, these systems display pop-up confirmations such as “Are the recipients correct?” and “Is this the correct attachment?” or delay sending for a certain period, preventing data leakage caused by human error.

Email Archiving

These systems completely store all sent and received emails over long periods. They are useful for investigating the cause of incidents and preserving evidence in legal disputes.

With advances in AI technology, the field of email security is also changing. More advanced solutions are emerging that use AI to detect signs of Business Email Compromise (BEC) by analyzing context, and to learn each employee’s email usage patterns in order to detect abnormal behavior that differs from the norm.

6. Summary: Ensure Email Safety with Defense in Depth

Email remains one of the most important communication tools in business, and at the same time, it is also one of the biggest targets for cyberattacks.

It is impossible to defend against all threats with a single countermeasure. Combining multiple measures—such as inbound measures, outbound measures, early detection and lateral-movement prevention, and employee training—into a “defense-in-depth” approach and continuously improving the security of your organization’s email environment is essential for protecting corporate assets and trust. A good first step is to identify what risks are hidden in your own email environment.
