Email Security Thumbnail

Email Security 101: Balancing Human and Machine Approaches to Combat Phishing

Next-gen cybersecurity attacks can bypass traditional technologies, and the role of human interaction cannot be underestimated when dealing with these threats. Email security is critical to organizations as members must often correspond with people outside of their networks, e.g., tending to customer queries, requests, and feedback.  It’s not uncommon to receive viruses, spam, crypto-malware, and ransomware files through attachments. Robust email security can safeguard personal and corporate data from cyber-attacks, prevent identity theft, and ensure end-users and organizations stay protected. 

Over 90% of all cyber-attacks are attributed to phishing emails, and few organizations are immune to dealing with emerging threats, especially with the advent and use of malware, ransomware, and social engineering techniques being so prevalent (Yong 2020). Phishing emails target users in different ways, and attackers are quite savvy at duping victims into clicking on email links and opening attachments.

Your employees are your first line of defense, and although they must know how to protect themselves online, sometimes more than knowledge is needed. Technology is not foolproof and cannot fully filter phishing emails since attackers can make them highly personalized.  The International Anti-Phishing Work Group (APWG) was established to inform online users of email security trends, threats, and scams. Machine Learning plays a significant role in developing anti-phishing models using techniques like dynamic self-structuring neural networks, associative classifications, and dynamic rule induction. However, phishing email attacks cannot be warded off with technology alone, as the human element is involved when engaging with these threats (Said Baadel, 2023).

Cybersecurity Vulnerabilities Your Business Can Face 

Regarding email security for organizations, below is a list of the most dangerous cybersecurity vulnerabilities they face:

Physical Security

Examples of physical security threats include vandalism, robbery, natural disaster, and unauthorized access to premises. These threats cause damage to computer systems and allow malicious actors to steal login credentials directly, which compromises email security. Someone who gains direct access to machines can wipe out all the data from servers.

Network Perimeter Security 

Network perimeter security is subject to risks such as broken authentication, weak firewalls, low bandwidths, and misconfigurations related to an organization’s policies.

Security of Internal Communications 

If your internal communications channels aren’t secure, your emails could leak. Employee negligence is one of the most significant risks to email security, and many businesses have noted that they have lost important documents and sensitive information due to human error.

Incident Response Challenges 

The growth of the email threat landscape shows that a failure to respond promptly to email attacks costs businesses a lot of valuable resources. Attacks use sophisticated methods to forward their malicious objectives, and email incident response is more complex than searching for and deleting harmful messages. Even secure email gateways can be bypassed, and attacks cannot be filtered or restricted using traditional security tools.

Combat Phishing Threats with AI and Human Insight 

Security and IT experts are using AI-powered anti-phishing tools to reduce workloads and improve their ability to detect threats over email with high precision and accuracy. While AI-based tools are effective at scanning malicious attachments and links, they can also analyze message intent and detect social engineering attacks like business email compromise by leveraging sentiment analysis. While AI is powerful enough to detect 99% of email threats, there is still that rare 1% error margin where attacks are sophisticated enough to bypass the best filters. Your employees are your last line of defense when it comes to staying protected from email attacks: this is where regular security awareness training comes in. Running extensive phishing simulation tests within the organization to check and see who is up to date with the latest cybersecurity practices and who is falling behind is a great security strategy for businesses.

The following steps outline how to balance the human and machine learning approach to build an effective anti-phishing strategy:

1. Create Baselines and Establish Risk Levels 

Before building an anti-phishing strategy, it’s important to establish a baseline regarding which threats your organization is likely to face. Once you have identified these threats, you must also set your acceptable risk levels and assess employee security awareness training programs to see which profiles attackers are targeting the most. Allocate your resources and prioritize efforts in training to address these vulnerabilities effectively.

2. Assess Tools 

Evaluate the efficacy of your current anti-phishing toolkits and see if they meet business expectations. Security and IT teams combine SEG solutions with anti-phishing strategies to enhance security awareness training. All-in-one email security solutions that incorporate AI and human insights to improve real-time detection of threats and provide remediation are also popular and in high demand today. When deciding whether it is in your best interest to adopt such approaches for your organization, you may ask yourself, is there any room for improvement, and will your current methods prove effective when your organization scales up?

3. Empowering Your Employees 

You can combat advanced phishing attacks like VIP impersonation, BEC, and ATO by combining AI and human insights into one platform. Empowering your employees can be seen as an asset that builds upon your email security. When your employees take personal accountability for their data and help build awareness, it strengthens your organization’s security posture (Rezabek, 2023).

Tips for Building Good Email Habits to Ward Off Phishing Attacks 

The following tips are excellent email habits to build to ward off phishing attacks:

  • Avoid unverified links from unknown users – Phishing can be text messages, social media posts, ads, and SMS. Clicking on links from unknown users can redirect to fake websites. As a precaution, it’s important to hover over links before clicking on them to see where they lead. Be aware of words like “copy” or “get this link” as part of URLs, since phishers are increasingly intelligent with their baits (Spike, 2022).
  • Don’t respond to emails that instill fear or a sense of urgency – Fear tactics and emails that instill a sense of urgency are generally scams. If you receive offers that sound too good to be true, it usually is. A typical phishing scam is when scammers pose as online retailers and send discount codes and coupons. They may ask you to register on a website to steal your credentials. Be wary of emails with poor spelling and grammar as well, since some scammers are not usually adept at online communication (Spike, 2022).
  • Do not use public Wi-Fi – Public Wi-Fi does not encrypt your data, is insecure, and won’t keep your information safe from prying eyes. Using a VPN and a private hotspot can help prevent on-path attacks. If you are using multiple email accounts, it’s good practice to use a strong password manager, which can randomize credentials for every service and page you visit. Change your passwords frequently over short periods, and don’t be afraid to experiment with different types of encryption and backup methods so that access to sensitive information is permanently restricted (Spike, 2022).
  • Do not share personal information – You should never share personally identifiable information with anyone over the internet. Avoid posting your details over social media, addresses, phone numbers, and anything else that cyber thieves could exploit. Attackers are excellent at devising the best social engineering tactics, and even the most minor bits of information can help them compromise your data (Simister, 2022).
  • Enable 2FA or MFA – Two-factor authentication or multi-factor authentication can make it almost impossible for hackers to penetrate email systems. They will need to obtain an additional security code generated by separate devices, and unless they have physical access to them, they cannot hijack your accounts. Most 2FA and MFA apps will send alerts to your phone and devices when someone tries to log in to your accounts with suspicious user credentials. This will allow you to act before the account gets compromised.
  • Use Email Forensic Investigative Techniques – Metadata analysis, port scanning, keyword searching, and investigating the source code and content of emails can identify the actual recipients and senders of messages. Popular techniques used in email forensics include network device and server investigations, software-embedded identifiers, header analysis, and analyzing sender mailer fingerprints. Python is mainly used for conducting email forensics and extracting information from EML files. It’s also standard practice to use MD5 and SHA1 hashing algorithms to preserve digital evidence and conduct email forensics investigations. (Sethi, 2022)

Tips for Building on Your Existing Email Security Stack 

Even when following a defense-in-depth model, organizations may need more support in email security solutions. Using an on-premises solution for your email infrastructure can translate to difficulties in migration and compliance. Here are some tips on how to build upon your existing email security stack:

  • Scalability is one of the main concerns of organizations when building an existing email security stack. Cloud-based vendors support high-volume sending, and Simple Mail Transfer Protocol (SMTP) is the standardized protocol for mail transfers. However, SMTP does not offer encryption in its native state and is prone to spam. Transport Layer Security (TLS) encryption solves this problem and ensures that messages stay protected when traveling to inboxes.
  • The three must-haves of automated email security solutions are triage, remediation, and incident response investigation. Email threat protection platforms can automate SOC processes, and fully automated solutions will seamlessly integrate with existing SIEM and SOAR solutions. The need for manual research is removed by using internal and external threat intelligence resources like multi-AV machines, email metadata analysis, crowd intelligence, and sandboxes.
  • Good triage email security solutions should be able to prioritize and cluster email messages according to different categories like spam messages, false positives, and phishing messages. It should be able to filter emails by source and reputation and identify whether messages have been opened (Benishti, 2019). 


Technology is constantly evolving, and it is not easy to design and implement an effective email security strategy to protect business needs. Users need to be trained to identify threats and scope for suspicious activities in areas where AI and automation prove to leave behind vulnerabilities or missing instances.  Remember that every email security program is flawed, and the best approach is to combine human intelligence with automation to create the best email security suite.




About the Author


Priyanka Kulkarni Joshi

CISO: Cyber Security Specialist, UBS

Priyanka Kulkarni Joshi is a certified CISO and cybersecurity specialist who specializes in online security research, planning, execution, and maintenance. She is an expert in audits and risk management, ethical hacking, and compliance and has managed various freelance security projects in the past. Priyanka has excellent managerial skills and an impressive track record in the IT security industry and was nominated as the winner of the 2020 Cyber Spartans Awards.
Share this Article
You may also like
Recent Articles

Train with EC-Council